
Infected With A Malware That Injects Ad To Web Browsers


  • This topic is locked
41 replies to this topic

#1 Ugoki

  • Members
  • 34 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 16 March 2015 - 05:54 AM

I managed to disable the malware add-ons on Chrome but not remove them, since they simply pop up again when Chrome gets restarted.

The extensions are:

BestPaRIceisApp

BEstPricesAPpi u

But my main problem is that it seems to make YouTube playback stop playing its sound after the video has played for a while.

Also, it freezes my mouse whenever I switch users (it freezes on the user selection screen).

Here's my FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Mahisa (administrator) on TOTO-PC on 16-03-2015 17:45:23
Running from C:\Users\Mahisa\Downloads
Loaded Profiles: UpdatusUser & Mahisa (Available profiles: Toto & UpdatusUser & Mama & Mahisa & Nabilah)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2014-08-31] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Corel Graphics Suite 1117] => C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe [315392 2002-07-03] (Corel Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949080 2014-12-20] (APN)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe (Macromedia, Inc.)
Startup: C:\Users\Toto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WhatsApp.lnk
ShortcutTarget: WhatsApp.lnk -> C:\ProgramData\{9ab85407-892d-dd7b-9ab8-85407892501e}\WhatsApp.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com/?fr=mkg029
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com/?fr=mkg029
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=455&src=ds&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: BestPricesApp -> {59144afe-deef-47dc-adfc-cbed2441ccad} -> C:\Program Files\BestPricesApp\XDqFY2mO49cBhC.dll [2015-03-06] ()
BHO: youtubeadblocker -> {92e5b04a-dfba-483b-8fda-b7b88c4fb0ed} -> C:\Program Files\youtubeadblocker\ABcJmpZCwHxgCN.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO: EnJOyCouponn -> {eaeb9088-69e3-4795-a148-43226335b8a2} -> C:\Program Files\EnJOyCouponn\2dvk2OWUsUdpGT.dll [2015-03-13] ()
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-02-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\user.js [2014-11-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\searchplugins\ask-search.xml [2015-01-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-08-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-01-11]
FF Extension: Adblock Plus - C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-15]
FF HKU\S-1-5-21-517392967-1551009814-2007856128-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
CHR Profile: C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]
CHR Extension: (Google Search) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-30]
CHR Extension: (Freemake Video Converter) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
CHR Extension: (Gmail) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-30]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-08-30]
CHR HKLM\...\Chrome\Extension: [mahgaopgbalgbfohkikbdjfmaapiehaf] - C:\Users\Nabilah\AppData\Local\CRE\mahgaopgbalgbfohkikbdjfmaapiehaf.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ad92cfe1; c:\Program Files\SystemMight\SystemMight.dll [1584128 2015-03-06] () [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2014-12-19] (APN LLC.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2014-08-31] (Macrovision Corporation) [File not signed]
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [75488 2015-02-08] (Intel® Corporation)
S3 iumsvc; C:\Program Files\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MSSEARCH; C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [73728 2000-07-13] (Microsoft Corporation) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7442493 2000-08-06] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 MSSQL$SQLTOTO2000; C:\PROGRA~1\MICROS~1\MSSQL$~2\binn\sqlservr.exe -sSQLTOTO2000 [X]
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrfl.sys [35544 2014-10-30] (Intel Corporation)
R3 NetTap60; C:\Windows\System32\DRIVERS\nettap60.sys [42712 2014-10-30] (Intel Corporation)
S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [11968 2000-06-27] () [File not signed]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [X]
S1 pmjnfvll; \??\C:\Windows\system32\drivers\pmjnfvll.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-16 17:45 - 2015-03-16 17:46 - 00019469 _____ () C:\Users\Mahisa\Downloads\FRST.txt
2015-03-16 17:45 - 2015-03-16 17:45 - 00000000 ____D () C:\FRST
2015-03-16 17:44 - 2015-03-16 17:44 - 01135104 _____ (Farbar) C:\Users\Mahisa\Downloads\FRST.exe
2015-03-15 18:31 - 2015-03-15 18:31 - 00880208 _____ (Google Inc.) C:\Users\Mahisa\Downloads\ChromeSetup.exe
2015-03-15 15:52 - 2015-03-15 15:52 - 00000020 _____ () C:\Users\Nabilah\AppData\Roaming\appdataFr3.bin
2015-03-15 15:10 - 2015-03-15 18:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-15 15:10 - 2015-03-15 15:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-15 15:10 - 2015-03-15 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-15 15:10 - 2015-03-15 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-15 15:10 - 2015-03-15 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-15 15:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-15 15:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-15 15:10 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 15:08 - 2015-03-15 15:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mahisa\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-15 14:41 - 2015-03-15 18:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-15 14:41 - 2015-03-15 14:46 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-15 14:41 - 2015-03-15 14:41 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-15 14:41 - 2015-03-15 14:41 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-15 14:41 - 2015-03-15 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-15 14:41 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-15 14:37 - 2015-03-15 14:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mahisa\Downloads\spybot-2.4.exe
2015-03-15 07:23 - 2015-03-15 15:39 - 00000000 ____D () C:\Users\Mahisa\Desktop\rangkuman
2015-03-14 19:15 - 2015-03-15 16:44 - 00000020 _____ () C:\Users\Mahisa\AppData\Roaming\appdataFr3.bin
2015-03-14 19:15 - 2015-03-15 15:44 - 00000000 ____D () C:\Users\Mahisa\AppData\Local\Adobe
2015-03-13 21:30 - 2015-03-13 21:30 - 00000000 ____D () C:\Program Files\Magnifier for Facebook
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Program Files\EnJOyCouponn
2015-03-13 07:41 - 2015-03-13 07:41 - 00000000 ____D () C:\Program Files\Fuun2Savei
2015-03-13 07:40 - 2015-03-13 07:40 - 00000000 ____D () C:\Program Files\NetoCouPoon
2015-03-12 21:38 - 2015-03-12 21:38 - 00231427 _____ () C:\Users\Mama\Downloads\Meningkatkan surat AJB menjadi SHM.htm
2015-03-12 21:38 - 2015-03-12 21:38 - 00000000 ____D () C:\Users\Mama\Downloads\Meningkatkan surat AJB menjadi SHM_files
2015-03-11 22:19 - 2015-03-11 22:19 - 00000000 ____D () C:\Users\Toto\Documents\video
2015-03-11 21:06 - 2015-03-11 21:06 - 00000000 ____D () C:\ProgramData\NoMore Ads
2015-03-11 10:40 - 2015-02-26 10:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:40 - 2015-02-24 09:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:40 - 2015-02-21 07:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:40 - 2015-02-21 07:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:40 - 2015-02-21 07:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:40 - 2015-02-21 07:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:40 - 2015-02-21 06:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:40 - 2015-02-20 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:40 - 2015-02-20 09:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:40 - 2015-02-20 09:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:40 - 2015-02-20 09:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:40 - 2015-02-20 09:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:40 - 2015-02-20 09:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:40 - 2015-02-20 09:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:40 - 2015-02-20 09:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:40 - 2015-02-20 09:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:40 - 2015-02-20 08:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:40 - 2015-02-20 08:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:40 - 2015-02-20 08:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:40 - 2015-02-20 08:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:40 - 2015-02-20 08:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:40 - 2015-02-20 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 10:40 - 2015-02-20 08:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:40 - 2015-02-20 08:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:40 - 2015-02-20 08:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:40 - 2015-02-20 08:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:40 - 2015-02-20 08:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:40 - 2015-02-20 08:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:40 - 2015-02-20 08:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:40 - 2015-02-20 07:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:40 - 2015-02-20 07:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:40 - 2015-02-13 12:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:40 - 2015-02-03 10:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:40 - 2015-01-17 09:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:38 - 2015-03-06 12:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:38 - 2015-03-06 12:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:38 - 2015-03-06 12:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:38 - 2015-03-06 12:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:38 - 2015-03-06 12:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:38 - 2015-03-06 12:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:38 - 2015-03-06 12:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:38 - 2015-03-06 12:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:38 - 2015-03-06 12:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:38 - 2015-02-20 11:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:38 - 2015-02-20 11:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:38 - 2015-02-20 11:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:38 - 2015-02-20 11:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:38 - 2015-02-20 10:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:38 - 2015-02-04 09:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:38 - 2015-02-03 10:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:38 - 2015-02-03 10:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:37 - 2015-02-03 10:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 10:37 - 2015-02-03 10:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:37 - 2015-02-03 10:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:37 - 2015-02-03 10:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:37 - 2015-02-03 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:37 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:37 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:37 - 2015-02-03 10:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:37 - 2015-02-03 10:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:37 - 2015-02-03 10:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:37 - 2015-02-03 10:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:37 - 2015-02-03 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:37 - 2015-02-03 10:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:37 - 2015-02-03 10:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:37 - 2015-02-03 09:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:37 - 2015-01-31 06:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:37 - 2014-11-01 05:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 23:50 - 2015-03-10 23:50 - 00000185 _____ () C:\Users\Toto\komala.txt
2015-03-10 18:24 - 2015-03-10 18:24 - 00250913 _____ () C:\Users\Nabilah\Downloads\Pendaftaran SNMPTN.html
2015-03-10 18:24 - 2015-03-10 18:24 - 00000000 ____D () C:\Users\Nabilah\Downloads\Pendaftaran SNMPTN_files
2015-03-10 09:42 - 2015-03-10 09:42 - 00000000 ____D () C:\Users\Mama\AppData\Local\Adobe
2015-03-08 16:58 - 2015-03-08 16:58 - 00025877 _____ () C:\Users\Toto\Documents\spARRecvPost2GL.sql
2015-03-08 16:48 - 2015-03-08 16:48 - 00053371 _____ () C:\Users\Toto\Documents\spAPOtherRcvPost2GL.sql
2015-03-06 20:45 - 2015-03-06 20:45 - 01150816 _____ () C:\Users\Toto\Downloads\WhatsApp(1).exe
2015-03-06 20:44 - 2015-03-06 20:44 - 00000000 ____D () C:\Program Files\SystemMight
2015-03-06 20:43 - 2015-03-07 18:46 - 00000000 ____D () C:\ProgramData\{9ab85407-892d-dd7b-9ab8-85407892501e}
2015-03-06 20:43 - 2015-03-06 20:43 - 00000000 ____D () C:\ProgramData\klakgdenjeemhdpfajojmoebehmadmkb
2015-03-06 20:33 - 2015-03-06 20:44 - 00000000 ____D () C:\Program Files\IndepthEdit
2015-03-06 20:33 - 2015-03-06 20:33 - 00000000 ____D () C:\Program Files\Facebook Share Button (by Shareaholic)
2015-03-06 20:33 - 2015-03-06 20:33 - 00000000 ____D () C:\Program Files\BestPricesApp
2015-03-06 20:32 - 2015-03-13 21:30 - 00000000 ____D () C:\ProgramData\1865485668820764484
2015-03-06 20:32 - 2015-03-06 20:32 - 00000000 ____D () C:\ProgramData\inhiepbfhoefabbgolpnehcejgjkdlga
2015-03-06 20:32 - 2015-03-06 20:32 - 00000000 ____D () C:\ProgramData\{c2effbd3-7c3d-10c6-c2ef-ffbd37c3ef4d}
2015-03-06 20:30 - 2015-03-06 20:30 - 01150972 _____ () C:\Users\Toto\Downloads\WhatsApp.exe
2015-03-06 18:08 - 2015-03-06 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-06 18:08 - 2015-03-06 18:08 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-05 16:51 - 2015-03-05 16:51 - 01692672 _____ () C:\Users\Nabilah\Downloads\Template PPT Portofolio Seni Musik SNMPTN 2015.ppt
2015-03-04 21:51 - 2015-03-04 21:51 - 00079634 _____ () C:\Users\Toto\Downloads\PAY VOUCHER.xlsx
2015-03-04 13:45 - 2015-01-09 09:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 13:45 - 2015-01-09 09:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 13:45 - 2015-01-09 09:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 13:09 - 2015-03-06 18:08 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-04 13:09 - 2015-03-06 18:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-04 13:08 - 2015-03-04 15:34 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-04 13:08 - 2015-03-04 13:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-04 13:08 - 2015-03-04 13:08 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-04 13:02 - 2015-03-04 13:10 - 00000000 ____D () C:\Users\Nabilah\AppData\Local\Adobe
2015-02-28 20:29 - 2015-02-28 21:42 - 00028336 _____ () C:\Users\Toto\Documents\spARTranPost2GL.sql
2015-02-25 16:19 - 2015-01-09 06:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 15:51 - 2015-02-25 15:55 - 00000000 ____D () C:\ProgramData\Intel
2015-02-25 15:51 - 2015-02-25 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-25 15:51 - 2015-02-25 15:51 - 00000000 ____D () C:\ProgramData\Intel® Update Manager
2015-02-25 15:51 - 2015-02-25 15:51 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-02-25 15:51 - 2015-02-25 15:51 - 00000000 ____D () C:\Program Files\Intel
2015-02-25 13:48 - 2015-02-25 13:48 - 00000967 _____ () C:\Users\Public\Desktop\TRYout TPA.lnk
2015-02-25 13:48 - 2015-02-25 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRYout TPA
2015-02-25 13:48 - 2015-02-25 13:48 - 00000000 ____D () C:\Program Files\TRYout TPA
2015-02-25 13:48 - 2004-03-08 23:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\system32\RICHTX32.OCX
2015-02-23 21:21 - 2015-03-06 18:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-23 21:21 - 2015-02-23 21:22 - 00000000 ____D () C:\Users\Toto\AppData\Roaming\Mozilla
2015-02-23 21:21 - 2015-02-23 21:22 - 00000000 ____D () C:\Users\Toto\AppData\Local\Mozilla
2015-02-23 21:21 - 2015-02-23 21:21 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-23 21:21 - 2015-02-23 21:21 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-23 21:19 - 2015-02-23 21:19 - 00243440 _____ () C:\Users\Toto\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-21 21:40 - 2015-02-21 21:40 - 00002805 _____ () C:\Users\Toto\Documents\ar_import_2014.sql
2015-02-19 20:27 - 2015-02-19 20:27 - 00246047 _____ () C:\Users\Mama\Downloads\INFO SNMPTN 2015.htm
2015-02-19 20:27 - 2015-02-19 20:27 - 00000000 ____D () C:\Users\Mama\Downloads\INFO SNMPTN 2015_files
2015-02-18 22:10 - 2015-02-18 22:10 - 00000989 _____ () C:\Users\Public\Desktop\Face Off Max.lnk
2015-02-18 22:10 - 2015-02-18 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Face Off Max
2015-02-18 22:10 - 2015-02-18 22:10 - 00000000 ____D () C:\Program Files\FaceOffMax
2015-02-16 21:22 - 2015-02-16 21:22 - 00108880 _____ () C:\Users\Toto\Downloads\eror-tt-ap.xlsx
2015-02-16 21:19 - 2015-02-16 21:19 - 00001970 _____ () C:\Users\Toto\Documents\apprint.sql
2015-02-15 15:33 - 2015-02-15 16:42 - 00002960 _____ () C:\Users\Toto\Documents\laporan hutang.sql
2015-02-14 21:56 - 2015-02-14 23:26 - 00000838 _____ () C:\Users\Toto\Documents\ap_print.sql
2015-02-14 17:23 - 2015-02-14 17:23 - 01750032 _____ () C:\Users\Mama\Downloads\iLividSetup-r1939-n-bf.exe
2015-02-14 17:21 - 2015-02-14 17:22 - 00796328 _____ (Aff) C:\Users\Mama\Downloads\FlvPlayerSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-16 17:40 - 2014-08-30 08:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 17:37 - 2014-11-27 06:47 - 00396744 _____ () C:\Windows\setupact.log
2015-03-16 17:37 - 2009-07-14 11:34 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 17:37 - 2009-07-14 11:34 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 17:33 - 2014-08-29 20:06 - 01135772 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:30 - 2014-09-06 11:55 - 00000344 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-03-16 17:30 - 2014-08-30 09:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 17:30 - 2014-08-29 20:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-16 17:30 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 06:58 - 2014-08-30 09:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 18:34 - 2014-08-30 09:19 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-15 16:28 - 2014-11-28 04:05 - 00000000 ____D () C:\Users\Nabilah\AppData\Local\Pokki
2015-03-15 16:27 - 2014-11-28 04:05 - 00002279 _____ () C:\Users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-15 15:52 - 2014-11-15 15:18 - 00000000 ____D () C:\Users\Nabilah\AppData\Roaming\Skype
2015-03-15 15:43 - 2014-08-30 08:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-15 15:43 - 2014-08-30 08:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 15:40 - 2014-11-28 03:55 - 00012208 _____ () C:\Windows\PFRO.log
2015-03-15 15:21 - 2014-08-29 20:08 - 00870052 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 21:56 - 2014-10-30 11:47 - 00163256 _____ () C:\Users\Mahisa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-14 19:19 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-14 19:15 - 2014-10-30 10:05 - 00000000 ____D () C:\Users\Mahisa\AppData\Roaming\Adobe
2015-03-13 07:41 - 2014-08-31 18:16 - 00000000 ____D () C:\Users\Toto\AppData\Local\CrashDumps
2015-03-12 11:51 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 22:17 - 2015-01-18 01:32 - 00000000 ____D () C:\Users\Toto\Documents\Caca
2015-03-11 22:17 - 2014-11-21 07:29 - 00000000 ____D () C:\Users\Toto\Documents\Via
2015-03-11 21:01 - 2009-07-14 11:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-11 20:22 - 2014-10-30 23:52 - 00000000 ____D () C:\Windows\Msagent
2015-03-11 20:22 - 2014-10-26 08:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-11 20:22 - 2014-09-06 10:38 - 00000000 ____D () C:\Program Files\American Conquest
2015-03-11 20:16 - 2009-07-14 11:33 - 00554168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 11:55 - 2014-08-29 23:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 11:55 - 2009-07-14 09:04 - 00000615 _____ () C:\Windows\win.ini
2015-03-11 11:43 - 2014-08-30 12:55 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 11:43 - 2014-08-30 12:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 07:01 - 2014-12-23 13:12 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-11 07:01 - 2014-12-23 13:12 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-11 07:01 - 2014-12-23 13:12 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-11 07:01 - 2014-12-23 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-10 23:50 - 2014-08-29 20:06 - 00000000 ____D () C:\Users\Toto
2015-03-10 21:07 - 2014-08-30 00:19 - 00001072 _____ () C:\Windows\ODBC.INI
2015-03-10 09:42 - 2014-09-02 14:20 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\Adobe
2015-03-07 13:45 - 2014-09-09 17:14 - 00163256 _____ () C:\Users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-06 18:03 - 2015-01-27 09:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-06 12:02 - 2014-09-30 09:08 - 00000000 ____D () C:\Users\Mama\AppData\Local\CrashDumps
2015-03-04 15:11 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\tracing
2015-03-04 13:10 - 2014-09-14 21:49 - 00000000 ____D () C:\Users\Nabilah\AppData\Roaming\Adobe
2015-03-04 13:08 - 2014-08-31 07:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-04 13:08 - 2014-08-31 07:26 - 00000000 ____D () C:\Program Files\Adobe
2015-03-01 14:50 - 2015-02-02 22:45 - 00021108 _____ () C:\Users\Toto\Documents\spVPaymentPrintPB.sql
2015-02-26 23:00 - 2014-08-29 21:28 - 00163256 _____ () C:\Users\Toto\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-25 15:51 - 2014-11-24 19:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-25 14:02 - 2014-09-30 17:29 - 00163256 _____ () C:\Users\Nabilah\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 03:23 - 2014-08-30 00:26 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 21:20 - 2014-10-26 07:59 - 00000000 ____D () C:\Users\Toto\Downloads\tag
2015-02-18 11:32 - 2009-07-14 11:53 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 10:20 - 2014-11-24 20:35 - 00000000 ____D () C:\Users\Nabilah\AppData\Local\CrashDumps
2015-02-14 07:58 - 2015-02-13 23:17 - 00001568 _____ () C:\Users\Toto\Documents\IMPORT AR_AP.sql
 
==================== Files in the root of some directories =======
 
2015-03-14 19:15 - 2015-03-15 16:44 - 0000020 _____ () C:\Users\Mahisa\AppData\Roaming\appdataFr3.bin
2014-08-29 23:35 - 2014-08-30 13:16 - 0002037 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Nabilah\AppData\Local\Temp\aacdec.exe
C:\Users\Nabilah\AppData\Local\Temp\burnsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Nabilah\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5477.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5503.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5669.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct6BE0.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct6C2E.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct7011.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct8852.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octA3FD.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octA813.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octAC84.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octB363.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octC516.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octC77D.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octD4CC.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octDBED.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octDC.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octE5AE.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octF26A.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octF557.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\prismsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\SN.exe
C:\Users\Nabilah\AppData\Local\Temp\wpsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\x264enc5.exe
C:\Users\Toto\AppData\Local\Temp\CA8.exe
C:\Users\Toto\AppData\Local\Temp\FC0.exe
C:\Users\Toto\AppData\Local\Temp\ochelper.dll
C:\Users\Toto\AppData\Local\Temp\ochelper.exe
C:\Users\Toto\AppData\Local\Temp\svchost.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 10:56
 
==================== End Of Log ============================


Edited by Ugoki, 16 March 2015 - 06:59 AM.



#2 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:07:57 PM

Posted 16 March 2015 - 09:03 AM

Hello Ugoki and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:07:57 PM

Posted 16 March 2015 - 09:43 AM

Do you use antivirus Baidu ?


#4 Ugoki

  • Topic Starter
  • Members
  • 34 posts
  • Local time:11:57 PM

Posted 16 March 2015 - 09:53 AM

Do you use antivirus Baidu ?

 

Hmm, I don't think so. I looked at my Start - All Programs and my uninstall program list and I don't see Baidu there.



#5 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:07:57 PM

Posted 16 March 2015 - 10:48 AM

 

Do you use antivirus Baidu ?

Hmm, I don't think so. I looked at my Start - All Programs and my uninstall program list and I don't see Baidu there.


R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

Running at boot.
-----------------------------------------------------------------------------------------------------------------------------------
 
Uninstall/remove all entries related to IObit or Advanced SystemCare; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
------------------------------------------------------------------------------------------------------------------------------------
Uninstalling a Program using Add/Remove Program
I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Advanced SystemCare
AskPartnerNetwork
McAfee Security Scan Plus
Magnifier for Facebook
Facebook Share Button
EnJOyCouponn
NetoCouPoon
NoMore Ads
Search App by Ask
UpgraderSystem
youtubeadblocker
C:\Program Files\Magnifier for Facebook
C:\Program Files\EnJOyCouponn
C:\Program Files\Fuun2Savei
C:\Program Files\NetoCouPoon

  • Reboot your computer

----------------------------------------------------------------------------------

 Ensure your external and/or USB drives are inserted during the scan

Step 1:
 FRST Script:
 Please download this attached txt.gif  fixlist.txt   10.1KB   0 downloads and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, as it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


#6 Ugoki

  • Topic Starter
  • Members
  • 34 posts
  • Local time:11:57 PM

Posted 17 March 2015 - 07:39 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Mahisa at 2015-03-17 17:54:30 Run:1
Running from C:\Users\Mahisa\Downloads
Loaded Profiles: UpdatusUser & Mahisa (Available profiles: Toto & UpdatusUser & Mama & Mahisa & Nabilah)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
 
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949080 2014-12-20] (APN)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com/?fr=mkg029
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com/?fr=mkg029
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=455&src=ds&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: BestPricesApp -> {59144afe-deef-47dc-adfc-cbed2441ccad} -> C:\Program Files\BestPricesApp\XDqFY2mO49cBhC.dll [2015-03-06] ()
BHO: youtubeadblocker -> {92e5b04a-dfba-483b-8fda-b7b88c4fb0ed} -> C:\Program Files\youtubeadblocker\ABcJmpZCwHxgCN.dll No File
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO: EnJOyCouponn -> {eaeb9088-69e3-4795-a148-43226335b8a2} -> C:\Program Files\EnJOyCouponn\2dvk2OWUsUdpGT.dll 
FF user.js: detected! => C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\user.js [2014-11-15]
FF SearchPlugin: C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\searchplugins\ask-search.xml 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-08-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-01-11]
FF HKU\S-1-5-21-517392967-1551009814-2007856128-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\internal-nacl-plugin No File
CHR Extension: (YouTube) - C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-08-30]
CHR HKLM\...\Chrome\Extension: [mahgaopgbalgbfohkikbdjfmaapiehaf] - C:\Users\Nabilah\AppData\Local\CRE\mahgaopgbalgbfohkikbdjfmaapiehaf.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2014-12-19] (APN LLC.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S1 pmjnfvll; \??\C:\Windows\system32\drivers\pmjnfvll.sys [X]
2015-03-13 21:30 - 2015-03-13 21:30 - 00000000 ____D () C:\Program Files\Magnifier for Facebook
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Program Files\EnJOyCouponn
2015-03-13 07:41 - 2015-03-13 07:41 - 00000000 ____D () C:\Program Files\Fuun2Savei
2015-03-13 07:40 - 2015-03-13 07:40 - 00000000 ____D () C:\Program Files\NetoCouPoon
2015-03-11 21:06 - 2015-03-11 21:06 - 00000000 ____D () C:\ProgramData\NoMore Ads
2015-03-06 20:45 - 2015-03-06 20:45 - 01150816 _____ () C:\Users\Toto\Downloads\WhatsApp(1).exe
2015-03-06 20:43 - 2015-03-07 18:46 - 00000000 ____D () C:\ProgramData\{9ab85407-892d-dd7b-9ab8-85407892501e}
2015-03-06 20:43 - 2015-03-06 20:43 - 00000000 ____D () C:\ProgramData\klakgdenjeemhdpfajojmoebehmadmkb
2015-03-06 20:33 - 2015-03-06 20:33 - 00000000 ____D () C:\Program Files\Facebook Share Button (by Shareaholic)
2015-03-06 20:33 - 2015-03-06 20:33 - 00000000 ____D () C:\Program Files\BestPricesApp
2015-03-06 20:32 - 2015-03-13 21:30 - 00000000 ____D () C:\ProgramData\1865485668820764484
2015-03-06 20:32 - 2015-03-06 20:32 - 00000000 ____D () C:\ProgramData\inhiepbfhoefabbgolpnehcejgjkdlga
2015-03-06 20:32 - 2015-03-06 20:32 - 00000000 ____D () C:\ProgramData\{c2effbd3-7c3d-10c6-c2ef-ffbd37c3ef4d}
2015-03-06 18:08 - 2015-03-06 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-06 18:08 - 2015-03-06 18:08 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-04 13:09 - 2015-03-06 18:08 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-04 13:09 - 2015-03-06 18:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
C:\Users\Nabilah\AppData\Local\Temp\aacdec.exe
C:\Users\Nabilah\AppData\Local\Temp\burnsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Nabilah\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5477.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5503.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct5669.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct6BE0.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct6C2E.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct7011.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\oct8852.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octA3FD.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octA813.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octAC84.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octB363.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octC516.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octC77D.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octD4CC.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octDBED.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octDC.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octE5AE.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octF26A.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\octF557.tmp.exe
C:\Users\Nabilah\AppData\Local\Temp\prismsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\SN.exe
C:\Users\Nabilah\AppData\Local\Temp\wpsetup.exe
C:\Users\Nabilah\AppData\Local\Temp\x264enc5.exe
C:\Users\Toto\AppData\Local\Temp\CA8.exe
C:\Users\Toto\AppData\Local\Temp\FC0.exe
C:\Users\Toto\AppData\Local\Temp\ochelper.dll
C:\Users\Toto\AppData\Local\Temp\ochelper.exe
C:\Users\Toto\AppData\Local\Temp\svchost.exe
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:EC889888
CustomCLSID: HKU\S-1-5-21-517392967-1551009814-2007856128-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Temp\35CefBf.exe No File
CustomCLSID: HKU\S-1-5-21-517392967-1551009814-2007856128-1006_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mahisa\AppData\Local\Temp\35CefBf.exe No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" => File/Directory not found.
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found. 
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found. 
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59144afe-deef-47dc-adfc-cbed2441ccad} => Key not found. 
"HKCR\CLSID\{59144afe-deef-47dc-adfc-cbed2441ccad}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92e5b04a-dfba-483b-8fda-b7b88c4fb0ed} => Key not found. 
"HKCR\CLSID\{92e5b04a-dfba-483b-8fda-b7b88c4fb0ed}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found. 
"HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eaeb9088-69e3-4795-a148-43226335b8a2} => Key not found. 
HKCR\CLSID\{eaeb9088-69e3-4795-a148-43226335b8a2} => Key not found. 
C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\user.js => Moved successfully.
"FF SearchPlugin: C:\Users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\searchplugins\ask-search.xml" => not found.
C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml => Moved successfully.
HKU\S-1-5-21-517392967-1551009814-2007856128-1006\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\internal-nacl-plugin No File not found.
C:\Users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => Key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj" => Key deleted successfully.
C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf" => Key deleted successfully.
C:\Users\Nabilah\AppData\Local\CRE\mahgaopgbalgbfohkikbdjfmaapiehaf.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae" => Key deleted successfully.
APNMCP => Service not found.
McComponentHostService => Service not found.
LiveUpdateSvc => Service deleted successfully.
pmjnfvll => Service deleted successfully.
"C:\Program Files\Magnifier for Facebook" => File/Directory not found.
"C:\Program Files\EnJOyCouponn" => File/Directory not found.
"C:\Program Files\Fuun2Savei" => File/Directory not found.
"C:\Program Files\NetoCouPoon" => File/Directory not found.
C:\ProgramData\NoMore Ads => Moved successfully.
C:\Users\Toto\Downloads\WhatsApp(1).exe => Moved successfully.
C:\ProgramData\{9ab85407-892d-dd7b-9ab8-85407892501e} => Moved successfully.
C:\ProgramData\klakgdenjeemhdpfajojmoebehmadmkb => Moved successfully.
"C:\Program Files\Facebook Share Button (by Shareaholic)" => File/Directory not found.
"C:\Program Files\BestPricesApp" => File/Directory not found.
C:\ProgramData\1865485668820764484 => Moved successfully.
C:\ProgramData\inhiepbfhoefabbgolpnehcejgjkdlga => Moved successfully.
C:\ProgramData\{c2effbd3-7c3d-10c6-c2ef-ffbd37c3ef4d} => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => File/Directory not found.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => File/Directory not found.
"C:\ProgramData\McAfee Security Scan" => File/Directory not found.
C:\Users\Nabilah\AppData\Local\Temp\aacdec.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\burnsetup.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\GoogleSetup.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\Intel_Technology_Access_Software.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct5477.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct5503.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct5669.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct6BE0.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct6C2E.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct7011.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\oct8852.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octA3FD.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octA813.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octAC84.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octB363.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octC516.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octC77D.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octD4CC.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octDBED.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octDC.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octE5AE.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octF26A.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\octF557.tmp.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\prismsetup.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\SN.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\wpsetup.exe => Moved successfully.
C:\Users\Nabilah\AppData\Local\Temp\x264enc5.exe => Moved successfully.
C:\Users\Toto\AppData\Local\Temp\CA8.exe => Moved successfully.
C:\Users\Toto\AppData\Local\Temp\FC0.exe => Moved successfully.
C:\Users\Toto\AppData\Local\Temp\ochelper.dll => Moved successfully.
C:\Users\Toto\AppData\Local\Temp\ochelper.exe => Moved successfully.
C:\Users\Toto\AppData\Local\Temp\svchost.exe => Moved successfully.
Bhbase => Unable to stop service
Bhbase => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
BprotectEx => Service deleted successfully.
C:\ProgramData\TEMP => ":EC889888" ADS removed successfully.
HKU\S-1-5-21-517392967-1551009814-2007856128-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} => Key not found. 
"HKU\S-1-5-21-517392967-1551009814-2007856128-1006_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{963F87FB-772C-4023-B2C2-131CE405E064} canceled.
{0B56E281-DD09-499C-AE5A-04CB3E642B61} canceled.
{9F71C605-1616-4139-B087-5C2832BC5E46} canceled.
3 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:58:05 ====
 
# AdwCleaner v4.112 - Logfile created 17/03/2015 at 18:03:32
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Mahisa - TOTO-PC
# Running from : C:\Users\Mahisa\Desktop\adwcleaner_4.112.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi
File Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\searchplugins\astromenda.xml
File Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\user.js
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mahgaopgbalgbfohkikbdjfmaapiehaf_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi
File Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\ask-search.xml
File Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\astromenda.xml
File Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\mystartsearch.xml
File Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\user.js
File Found : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage
File Found : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Toto\AppData\Roaming\Mozilla\Firefox\Profiles\bxahdgh3.default\searchplugins\ask-web-search.xml
Folder Found : C:\Program Files\Adblocker
Folder Found : C:\Program Files\Adblocker
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\pRiccechop
Folder Found : C:\Program Files\pRiccechop
Folder Found : C:\Program Files\WaInterEnhance
Folder Found : C:\Program Files\XTab
Folder Found : C:\ProgramData\19e38954ffa4c744
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\baidu
Folder Found : C:\ProgramData\f0f30d0400007f4c
Folder Found : C:\ProgramData\gadkcgdhognjbonamflbmpfplkinbbdb
Folder Found : C:\ProgramData\gadkcgdhognjbonamflbmpfplkinbbdb
Folder Found : C:\ProgramData\gadkcgdhognjbonamflbmpfplkinbbdb
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\mdcaiodmecciiogfdemldalieknjmnom
Folder Found : C:\ProgramData\mdcaiodmecciiogfdemldalieknjmnom
Folder Found : C:\ProgramData\mdcaiodmecciiogfdemldalieknjmnom
Folder Found : C:\ProgramData\pRiccechop
Folder Found : C:\ProgramData\pRiccechop
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Mahisa\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Mahisa\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Mahisa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Mahisa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Mahisa\AppData\Local\torch
Folder Found : C:\Users\Mahisa\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Mama\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Mama\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Mama\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
Folder Found : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Found : C:\Users\Mama\AppData\Local\torch
Folder Found : C:\Users\Mama\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f}
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\c@07PzMd.com
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\hSJ@UfMF70AG.com
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\IbWsq3wayq@7.edu
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\UjM@SSKUPmI5.com
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\y2@yBqbqiD.edu
Folder Found : C:\Users\Nabilah\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Nabilah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Nabilah\AppData\Local\globalUpdate
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaidfbdgljpnghcghbjdcdomkllobom
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaidfbdgljpnghcghbjdcdomkllobom
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Folder Found : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Folder Found : C:\Users\Nabilah\AppData\Local\NativeMessaging
Folder Found : C:\Users\Nabilah\AppData\Local\Tbccint
Folder Found : C:\Users\Nabilah\AppData\Local\torch
Folder Found : C:\Users\Nabilah\AppData\Local\webplayer
Folder Found : C:\Users\Nabilah\AppData\LocalLow\App Lid
Folder Found : C:\Users\Nabilah\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Nabilah\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f}
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\c@07PzMd.com
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\faststartff@gmail.com
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\fftoolbar2014@etech.com
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\IbWsq3wayq@7.edu
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\UjM@SSKUPmI5.com
Folder Found : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\y2@yBqbqiD.edu
Folder Found : C:\Users\Nabilah\AppData\Roaming\mystartsearch
Folder Found : C:\Users\Nabilah\AppData\Roaming\RHEng
Folder Found : C:\Users\Toto\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Toto\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Toto\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Toto\AppData\Local\DriverToolkit
Folder Found : C:\Users\Toto\AppData\Local\globalUpdate
Folder Found : C:\Users\Toto\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\Toto\AppData\Local\torch
Folder Found : C:\Users\Toto\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Toto\AppData\Roaming\EZDownloader
Folder Found : C:\Users\Toto\AppData\Roaming\FirefoxToolbar
Folder Found : C:\Users\Toto\AppData\Roaming\Mozilla\Firefox\Profiles\bxahdgh3.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
Folder Found : C:\Users\Toto\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Toto\AppData\Roaming\RHEng
Folder Found : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Found : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Found : C:\Users\UpdatusUser\AppData\Local\torch
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\Software\Radio Canyon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Description
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Found : HKLM\SOFTWARE\SmdmF
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v36.0.1 (x86 en-US)
 
[624alam9.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,Ask Search,default-search.net,DuckDuckGo,eBay,mystartsearch,Twitter,Wikipedia (en)");
[624alam9.default] - Line Found : user_pref("extensions.gXLQaWCl49ZoSiha.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A853130%2C%22ver%22%3A1%2C%22status%22%3A1%2C%[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[yfp1lhx8.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[yfp1lhx8.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1C[...]
[yfp1lhx8.default] - Line Found : user_pref("extensions.crossrider.bic", "14bb400aafb1451e065e42404e10903b");
[jqyofrpz.default] - Line Found : user_pref("browser.search.defaultenginename", "mystartsearch");
[jqyofrpz.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=CLM-SP&o=APN10930&pf=V7&trgb=FF&p2=%5EB1E%5EYYYYYY%5EYY%5EID&gct=hp&apn_ptnrs=%5EB1E&apn_dtid=%5EYYYYYY%5EYY%5EID&apn_dbr=ff_34.0[...]
[jqyofrpz.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
[jqyofrpz.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
[jqyofrpz.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[jqyofrpz.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[jqyofrpz.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1C[...]
[jqyofrpz.default] - Line Found : user_pref("extensions.crossrider.bic", "149fc0a5a6372ba100214adbb6073a7d");
[bxahdgh3.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Amazon.com,default-search.net,DuckDuckGo,eBay,mystartsearch,Twitter");
[bxahdgh3.default] - Line Found : user_pref("browser.search.selectedEngine", "Ask Web Search");
[bxahdgh3.default] - Line Found : user_pref("extensions.gXLQaWCl49ZoSiha.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":223900172,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223900173,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.prev", "Google");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.savedPrev", "true");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.prev", "Ask Web Search");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.savedPrev", "true");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.savedPrev", "true");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&p2=^HJ^xdm007^S12302^id&si=CNz[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.savedPrev", 1);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.tb", 1);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.version.last", "36.0");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.85.6.15750");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&p2=^HJ^xdm007^S12302^id&si=CNzblYzqk8QCFRYOjgodfJ[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.guardType", "HPR");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2015030608");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^S12302^id");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CNzblYzqk8QCFRYOjgodfJAAdw");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://free.videodownloadconverter.com/install_pixels.jhtml?partner=^HJ^xdm007^S12302^id&coId=173f31436a944ea7bee382700383c[...]
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "49412FF7-2428-44CB-BBE0-E48868440D96");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1426549900740");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.85.6.15750");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://free.videodownloadconverter.com/installComplete.jhtml");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbar.ownSearch", false);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[bxahdgh3.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[bxahdgh3.default] - Line Found : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&ind=2015030608&p2=^HJ^xdm007^S12302^id&si=CNzblYzqk8QCFRYOjgodfJAAdw&s[...]
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3895&r=2015/01/11&hid=11947367230157136891&lg=EN&cc=ID&unqvl=74
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.flyandsearch.info/?l=1&q={searchTerms}&pid=724&r=2014/08/31&hid=11947367230157136891&lg=EN&cc=ID
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtDtDyB0FtDtDyCtGtDzzyE0FtGtAyCzztBtGyE0EtBzytGtDyByD0C0CyCzy0DyCtA0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0F0D0E0EyDtDyCtG0BtCtAyEtGyEtBtB0CtG0A0D0DyBtGtC0DyEtAyD0A0DzyyCtA0EtB2Q&cr=360526991&ir=
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
*************************
 
AdwCleaner[R0].txt - [28564 bytes] - [17/03/2015 18:03:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [28624 bytes] ##########
 
# AdwCleaner v4.112 - Logfile created 17/03/2015 at 18:05:46
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Mahisa - TOTO-PC
# Running from : C:\Users\Mahisa\Desktop\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\pRiccechop
Folder Deleted : C:\ProgramData\19e38954ffa4c744
Folder Deleted : C:\ProgramData\f0f30d0400007f4c
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\XTab
Folder Deleted : C:\Program Files\WaInterEnhance
Folder Deleted : C:\Program Files\Adblocker
Folder Deleted : C:\Program Files\pRiccechop
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Mahisa\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Mahisa\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Mahisa\AppData\Local\torch
Folder Deleted : C:\Users\Mahisa\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Mama\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Mama\AppData\Local\torch
Folder Deleted : C:\Users\Mama\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Nabilah\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Nabilah\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Nabilah\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Nabilah\AppData\Local\Tbccint
Folder Deleted : C:\Users\Nabilah\AppData\Local\torch
Folder Deleted : C:\Users\Nabilah\AppData\Local\webplayer
Folder Deleted : C:\Users\Nabilah\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Nabilah\AppData\LocalLow\App Lid
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\mystartsearch
Folder Deleted : C:\Users\Toto\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Toto\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Toto\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Toto\AppData\Local\torch
Folder Deleted : C:\Users\Toto\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Toto\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Toto\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Toto\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\Toto\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Toto\AppData\Roaming\RHEng
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\Toto\AppData\Roaming\Mozilla\Firefox\Profiles\bxahdgh3.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f}
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f}
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\fftoolbar2014@etech.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\c@07PzMd.com
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\c@07PzMd.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\hSJ@UfMF70AG.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\IbWsq3wayq@7.edu
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\IbWsq3wayq@7.edu
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\UjM@SSKUPmI5.com
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\UjM@SSKUPmI5.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\y2@yBqbqiD.edu
Folder Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\y2@yBqbqiD.edu
Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
Folder Deleted : C:\ProgramData\gadkcgdhognjbonamflbmpfplkinbbdb
Folder Deleted : C:\ProgramData\mdcaiodmecciiogfdemldalieknjmnom
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaidfbdgljpnghcghbjdcdomkllobom
[/!\] Not Deleted ( Junction ) : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaidfbdgljpnghcghbjdcdomkllobom
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Mahisa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Mama\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Nabilah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Toto\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Mahisa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Mama\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\Toto\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlbdffenghpcblildkmfblbimeaofkmj
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi
File Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi
File Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Toto\AppData\Roaming\Mozilla\Firefox\Profiles\bxahdgh3.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\user.js
File Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\user.js
File Deleted : C:\Users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\searchplugins\mystartsearch.xml
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mahgaopgbalgbfohkikbdjfmaapiehaf_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Deleted : C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Radio Canyon
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v36.0.1 (x86 en-US)
 
[624alam9.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,Ask Search,default-search.net,DuckDuckGo,eBay,mystartsearch,Twitter,Wikipedia (en)");
[624alam9.default\prefs.js] - Line Deleted : user_pref("extensions.gXLQaWCl49ZoSiha.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A853130%2C%22ver%22%3A1%2C%22status%22%3A1%2C%[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1C[...]
[yfp1lhx8.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14bb400aafb1451e065e42404e10903b");
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "mystartsearch");
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=CLM-SP&o=APN10930&pf=V7&trgb=FF&p2=%5EB1E%5EYYYYYY%5EYY%5EID&gct=hp&apn_ptnrs=%5EB1E&apn_dtid=%5EYYYYYY%5EYY%5EID&apn_dbr=ff_34.0[...]
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1C[...]
[jqyofrpz.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "149fc0a5a6372ba100214adbb6073a7d");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Amazon.com,default-search.net,DuckDuckGo,eBay,mystartsearch,Twitter");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.gXLQaWCl49ZoSiha.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":223900172,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223900173,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.prev", "Google");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.savedPrev", "true");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.prev", "Ask Web Search");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.savedPrev", "true");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.savedPrev", "true");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&p2=^HJ^xdm007^S12302^id&si=CNz[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.savedPrev", 1);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.tb", 1);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.version.last", "36.0");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.85.6.15750");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&p2=^HJ^xdm007^S12302^id&si=CNzblYzqk8QCFRYOjgodfJ[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.guardType", "HPR");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2015030608");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm007^S12302^id");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CNzblYzqk8QCFRYOjgodfJAAdw");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://free.videodownloadconverter.com/install_pixels.jhtml?partner=^HJ^xdm007^S12302^id&coId=173f31436a944ea7bee382700383c[...]
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "49412FF7-2428-44CB-BBE0-E48868440D96");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1426549900740");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.85.6.15750");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://free.videodownloadconverter.com/installComplete.jhtml");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbar.ownSearch", false);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[bxahdgh3.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=49412FF7-2428-44CB-BBE0-E48868440D96&n=781aed50&ind=2015030608&p2=^HJ^xdm007^S12302^id&si=CNzblYzqk8QCFRYOjgodfJAAdw&s[...]
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3895&r=2015/01/11&hid=11947367230157136891&lg=EN&cc=ID&unqvl=74
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.flyandsearch.info/?l=1&q={searchTerms}&pid=724&r=2014/08/31&hid=11947367230157136891&lg=EN&cc=ID
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtDtDyB0FtDtDyCtGtDzzyE0FtGtAyCzztBtGyE0EtBzytGtDyByD0C0CyCzy0DyCtA0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0F0D0E0EyDtDyCtG0BtCtAyEtGyEtBtB0CtG0A0D0DyBtGtC0DyEtAyD0A0DzyyCtA0EtB2Q&cr=360526991&ir=
 
-\\ Comodo Dragon v
 
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3895&r=2015/01/11&hid=11947367230157136891&lg=EN&cc=ID&unqvl=74
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.flyandsearch.info/?l=1&q={searchTerms}&pid=724&r=2014/08/31&hid=11947367230157136891&lg=EN&cc=ID
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtDtDyB0FtDtDyCtGtDzzyE0FtGtAyCzztBtGyE0EtBzytGtDyByD0C0CyCzy0DyCtA0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0F0D0E0EyDtDyCtG0BtCtAyEtGyEtBtB0CtG0A0D0DyBtGtC0DyEtAyD0A0DzyyCtA0EtB2Q&cr=360526991&ir=
 
-\\ Chrome Canary v
 
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3895&r=2015/01/11&hid=11947367230157136891&lg=EN&cc=ID&unqvl=74
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420968119&from=smt&uid=ST3250318AS_5VMGX807XXXX5VMGX807&q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.flyandsearch.info/?l=1&q={searchTerms}&pid=724&r=2014/08/31&hid=11947367230157136891&lg=EN&cc=ID
[C:\Users\Toto\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_43_ff&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0AyEtDtCzz0AyC0AtCtD0FtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtDtDyB0FtDtDyCtGtDzzyE0FtGtAyCzztBtGyE0EtBzytGtDyByD0C0CyCzy0DyCtA0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0F0D0E0EyDtDyCtG0BtCtAyEtGyEtBtB0CtG0A0D0DyBtGtC0DyEtAyD0A0DzyyCtA0EtB2Q&cr=360526991&ir=
 
*************************
 
AdwCleaner[R0].txt - [28704 bytes] - [17/03/2015 18:03:32]
AdwCleaner[S0].txt - [34771 bytes] - [17/03/2015 18:05:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34831  bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x86
Ran by Mahisa on Tue 03/17/2015 at 18:12:09.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\Tasks\DriverToolkit Autorun
Successfully deleted: [File] C:\Windows\Tasks\DriverToolkit Autorun.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Mahisa\AppData\Roaming\baidu security"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Mahisa\AppData\Roaming\mozilla\firefox\profiles\624alam9.default\prefs.js
 
user_pref("extensions.3O0yx6tZyZVGtzzf.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.S7cvkT3eaBvas5UA.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.kztPtbn1sERUNogB.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjk9qHaHqdU8pjY4pjrHrHaGqTk\")>-1){return;}}catch(e){}try{var d=[[\"tria
user_pref("extensions.kztPtbn1sERUNogB.url", "hxxp://getsrv.info/sync2/?q=hfZ9ofV9CShEAen0rTs8pjCMg708BNmGWj8tmchGheDUojw8rdrEqTwHrHrGrihIC7n0rjkErHw9rjnFpdwGtNhVCT94tMVKhd9Gq
Emptied folder: C:\Users\Mahisa\AppData\Roaming\mozilla\firefox\profiles\624alam9.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/17/2015 at 18:13:46.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/15/2015
Scan Time: 3:10:38 PM
Logfile: m.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mahisa
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 526207
Time Elapsed: 27 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ComboFix 15-03-14.03 - Mahisa 03/17/2015  18:55:57.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3583.2555 [GMT 7:00]
Running from: c:\users\Mahisa\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\fd\PKL\Referensi 4\1\source(revisi)\daftar lampirn\Desktop_1.ini
c:\fd\PKL\Referensi 4\1\source(revisi)\Desktop_1.ini
c:\fd\PKL\Referensi 4\1\source(revisi)\ed\Desktop_1.ini
c:\fd\PKL\Referensi 4\3\Desktop_1.ini
c:\fd\PKL\Referensi 4\3\lampiran\Desktop_1.ini
c:\fd\PKL\Referensi 4\4\Desktop_1.ini
c:\fd\PKL\Referensi 4\4\laporan\Desktop_1.ini
c:\fd\PKL\Referensi 4\4\outline\Desktop_1.ini
c:\fd\PKL\Referensi 4\6\Desktop_1.ini
c:\fd\PKL\Referensi 4\6\laporan PKL fix\Desktop_1.ini
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg\165\manifest.json
c:\users\Mahisa\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\background.html
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\content.js
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\lsdb.js
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\manifest.json
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\OmeS2.js
c:\users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Ax8@mkoTVxN.com
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Ax8@mkoTVxN.com\bootstrap.js
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Ax8@mkoTVxN.com\chrome.manifest
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Ax8@mkoTVxN.com\content\bg.js
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Ax8@mkoTVxN.com\install.rdf
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Za7@m.net
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Za7@m.net\bootstrap.js
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Za7@m.net\chrome.manifest
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Za7@m.net\content\bg.js
c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yfp1lhx8.default\extensions\Za7@m.net\install.rdf
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\background.html
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\content.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\lsdb.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\manifest.json
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjdheomplehjdgpjenoamnhhkcenlkf\142\OmeS2.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\142\manifest.json
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\141\content.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\141\lsdb.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\141\manifest.json
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\141\PQqH6.js
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg\000003.log
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg\CURRENT
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg\LOCK
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg\LOG
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkdgpjpmmhlkihohoconiejmgamcdlg\MANIFEST-000002
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf\000003.log
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf\CURRENT
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf\LOCK
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf\LOG
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnkijcihjiopdcfliikldphgdjadekf\MANIFEST-000002
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd\000003.log
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd\CURRENT
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd\LOCK
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd\LOG
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joklaanepklgganbdpelglgmibonaffd\MANIFEST-000002
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afhbahmnhkljfliababggdalcollfmnh_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afhbahmnhkljfliababggdalcollfmnh_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjdheomplehjdgpjenoamnhhkcenlkf_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjdheomplehjdgpjenoamnhhkcenlkf_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amkdgpjpmmhlkihohoconiejmgamcdlg_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amkdgpjpmmhlkihohoconiejmgamcdlg_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmfnoeehkplfpheinekhhilaefdkbkmn_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmfnoeehkplfpheinekhhilaefdkbkmn_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpplabbmogkhghncfbfdeeokoefdjegm_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpplabbmogkhghncfbfdeeokoefdjegm_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jnnkijcihjiopdcfliikldphgdjadekf_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jnnkijcihjiopdcfliikldphgdjadekf_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joklaanepklgganbdpelglgmibonaffd_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joklaanepklgganbdpelglgmibonaffd_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
c:\users\Nabilah\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Nabilah\AppData\Local\nsp8352.tmp
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Ax8@mkoTVxN.com
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Ax8@mkoTVxN.com\bootstrap.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Ax8@mkoTVxN.com\chrome.manifest
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Ax8@mkoTVxN.com\content\bg.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Ax8@mkoTVxN.com\install.rdf
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\staged\hSJ@UfMF70AG.com
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\staged\hSJ@UfMF70AG.com\bootstrap.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\staged\hSJ@UfMF70AG.com\chrome.manifest
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\staged\hSJ@UfMF70AG.com\content\bg.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\staged\hSJ@UfMF70AG.com\install.rdf
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Za7@m.net
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Za7@m.net\bootstrap.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Za7@m.net\chrome.manifest
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Za7@m.net\content\bg.js
c:\users\Nabilah\AppData\Roaming\Mozilla\Firefox\Profiles\jqyofrpz.default\extensions\Za7@m.net\install.rdf
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh\000005.log
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh\CURRENT
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh\LOCK
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh\LOG
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afhbahmnhkljfliababggdalcollfmnh\MANIFEST-000004
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn\000005.log
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn\CURRENT
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn\LOCK
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn\LOG
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmfnoeehkplfpheinekhhilaefdkbkmn\MANIFEST-000004
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afhbahmnhkljfliababggdalcollfmnh_0.localstorage-journal
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afhbahmnhkljfliababggdalcollfmnh_0.localstorage
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmfnoeehkplfpheinekhhilaefdkbkmn_0.localstorage-journal
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmfnoeehkplfpheinekhhilaefdkbkmn_0.localstorage
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hmooaemjmediafeacjplpbpenjnpcneg_0.localstorage-journal
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hmooaemjmediafeacjplpbpenjnpcneg_0.localstorage
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_onehaeddejogkandjcgehmgcndffonie_0.localstorage-journal
c:\users\Toto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_onehaeddejogkandjcgehmgcndffonie_0.localstorage
c:\windows\system\CIABAR32.DLL
c:\windows\system32\X86
D:\autorun.inf
E:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-17 to 2015-03-17  )))))))))))))))))))))))))))))))
.
.
2015-03-17 12:06 . 2015-03-17 12:06 -------- d-----w- c:\users\Mahisa\AppData\Local\temp
2015-03-17 12:06 . 2015-03-17 12:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-17 11:03 . 2015-03-17 11:06 -------- d-----w- C:\AdwCleaner
2015-03-16 15:03 . 2015-03-16 15:53 -------- d-----w- c:\users\Mahisa\AppData\Roaming\vlc
2015-03-16 11:59 . 2015-03-16 12:06 -------- d-----w- C:\Retroarch
2015-03-16 10:45 . 2015-03-17 10:59 -------- d-----w- C:\FRST
2015-03-15 11:11 . 2015-03-15 11:11 -------- d-----w- c:\users\Mahisa\AppData\Local\ElevatedDiagnostics
2015-03-15 08:52 . 2015-03-15 08:52 20 ----a-w- c:\users\Nabilah\AppData\Roaming\appdataFr3.bin
2015-03-15 08:52 . 2015-03-15 08:52 114688 ------w- c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe
2015-03-15 08:10 . 2015-03-17 11:15 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-15 08:10 . 2015-03-15 08:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-15 08:10 . 2015-03-15 08:10 -------- d-----w- c:\programdata\Malwarebytes
2015-03-15 08:10 . 2014-11-20 23:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-15 08:10 . 2014-11-20 23:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-15 08:10 . 2014-11-20 23:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-15 07:41 . 2015-03-17 11:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-03-15 07:41 . 2015-03-17 11:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-03-15 07:39 . 2015-03-15 07:39 -------- d-----w- c:\users\Mahisa\AppData\Local\Programs
2015-03-14 12:15 . 2015-03-15 09:44 20 ----a-w- c:\users\Mahisa\AppData\Roaming\appdataFr3.bin
2015-03-14 12:15 . 2015-03-15 08:44 -------- d-----w- c:\users\Mahisa\AppData\Local\Adobe
2015-03-13 19:17 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D9B710-F06C-40DE-B923-48180C7F7BEA}\mpengine.dll
2015-03-11 03:38 . 2015-02-03 03:12 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-03-10 02:42 . 2015-03-10 02:42 -------- d-----w- c:\users\Mama\AppData\Local\Adobe
2015-03-06 13:33 . 2015-03-06 13:44 -------- d-----w- c:\program files\IndepthEdit
2015-03-06 05:03 . 2015-03-06 05:03 455328 ----a-w- c:\program files\Mozilla Firefox\msvcp120.dll
2015-03-06 05:03 . 2015-03-06 05:03 3466856 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_47.dll
2015-03-06 05:03 . 2015-03-06 05:03 169584 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-06 05:03 . 2015-03-06 05:03 970912 ----a-w- c:\program files\Mozilla Firefox\msvcr120.dll
2015-03-04 06:45 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-03-04 06:45 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-03-04 06:45 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-03-04 06:02 . 2015-03-04 06:10 -------- d-----w- c:\users\Nabilah\AppData\Local\Adobe
2015-02-25 08:51 . 2015-02-25 08:51 -------- d-----w- c:\program files\Intel
2015-02-25 08:51 . 2015-02-25 08:55 -------- d-----w- c:\programdata\Intel
2015-02-25 08:51 . 2015-02-25 08:51 -------- d-----w- c:\program files\Intel Corporation
2015-02-25 06:48 . 2004-03-08 16:00 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2015-02-25 06:48 . 2015-02-25 06:48 -------- d-----w- c:\program files\TRYout TPA
2015-02-18 15:10 . 2015-02-18 15:10 -------- d-----w- c:\program files\FaceOffMax
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-15 08:43 . 2014-08-30 01:57 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-15 08:43 . 2014-08-30 01:57 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-23 20:23 . 2014-08-29 17:26 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 02:54 . 2015-02-11 09:19 482304 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 02:53 . 2015-02-11 09:19 621056 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 02:53 . 2015-02-11 09:19 325632 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 02:53 . 2015-02-11 09:19 767488 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 02:53 . 2015-02-11 09:19 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 02:53 . 2015-02-11 09:19 159744 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 02:49 . 2015-02-11 09:19 886784 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 09:19 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-19 02:43 . 2015-01-14 16:07 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 16:07 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2014-08-31 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Corel Graphics Suite 1117"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2002-07-03 315392]
.
c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
rbsgvxxt.exe [2015-3-15 114688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 iumsvc;Intel® Update Manager;c:\program files\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09 174368]
R3 MSSQL$SQLTOTO2000;MSSQL$SQLTOTO2000;c:\progra~1\MICROS~1\MSSQL$~2\binn\sqlservr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 ndisrd;Intel® Technology Access Filter Driver;c:\windows\system32\DRIVERS\ndisrfl.sys [2014-10-30 35544]
S2 Intel® TechnologyAccessService;Intel® Technology Access Service;c:\program files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [2015-02-08 75488]
S2 MSSEARCH;Microsoft Search;c:\program files\Common Files\System\MSSearch\Bin\mssearch.exe [2000-07-12 73728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-17 114904]
S3 NetTap60;Intel® Technology Access TAP Driver (NDIS 6.0);c:\windows\system32\DRIVERS\nettap60.sys [2014-10-30 42712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-08-29 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-15 11:33 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30 08:43]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-30 02:13]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-30 02:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
c:\users\Toto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WhatsApp.lnk - c:\programdata\{9ab85407-892d-dd7b-9ab8-85407892501e}\WhatsApp.exe --startup=1
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-ExpressBurn - c:\program files\NCH Software\ExpressBurn\expressburn.exe
AddRemove-GoldenVideos - c:\program files\NCH Software\GoldenVideos\goldenvideos.exe
AddRemove-Microsoft SQL Server 2000 (SQL2000) - c:\program files\Microsoft SQL Server\MSSQL$SQL2000\Uninst.isu
AddRemove-Microsoft SQL Server 2000 (SQLTOTO2000) - c:\program files\Microsoft SQL Server\MSSQL$SQLTOTO2000\Uninst.isu
AddRemove-PhotoStage - c:\program files\NCH Software\PhotoStage\photostage.exe
AddRemove-Prism - c:\program files\NCH Software\Prism\prism.exe
AddRemove-WavePad - c:\program files\NCH Software\WavePad\wavepad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-17  19:08:19
ComboFix-quarantined-files.txt  2015-03-17 12:08
.
Pre-Run: 28,218,097,664 bytes free
Post-Run: 27,737,473,024 bytes free
.
- - End Of File - - 4D4D875E2D88D8A50D1EE5CD4DC51534
A36C5E4F47E84449FF07ED3517B43A31
 
Hmm, I think the MalwareBytes Scan Log there is the wrong one. I scanned it today and the latest log that existed came from two days ago. The scan today showed some results too.
 
Also, my computer got very laggy when it opened files or folders after using Combofix. Guess it turned off some of my services from what I could see from Task Manager. And did it delete some things from my Windows folder? 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male

Posted 17 March 2015 - 08:21 AM

Hmm, I think the MalwareBytes Scan Log there is the wrong one. I scanned it today and the latest log that existed came from two days ago. The scan today showed some results too.
Also, my computer got very laggy when it opened files or folders after using Combofix. Guess it turned off some of my services from what I could see from Task Manager. And did it delete some things from my Windows folder?

Please try running Malwarebytes. What do you mean by laggy?
Is there a problem in the folders? What is the problem?
----------------------------------------------------------------------------

------------------------------------------------------------------------------

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Please follow the below steps to disable "Teredo" and report whether it helps.
1- Open an elevated "command prompt"
http://www.bleepingcomputer.com/tuto...ommand-prompt/
2- Type the below commands exactly and press "Enter" key.
netsh interface teredo set state disabled
Reboot the system when completed.

----------------------------------------------------

Step 1:
:Run CFScript:

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.

(picture: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Step 2:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3:

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Good day.

Edited by olgun52, 17 March 2015 - 08:28 AM.

Best regards
 

#8 Ugoki

Ugoki
  • Topic Starter
  • Members
  • 34 posts

Posted 18 March 2015 - 07:30 AM

ComboFix 15-03-14.03 - Mahisa 03/17/2015  20:53:55.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3583.2167 [GMT 7:00]
Running from: c:\users\Mahisa\Desktop\ComboFix.exe
Command switches used :: c:\users\Mahisa\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-17 to 2015-03-17  )))))))))))))))))))))))))))))))
.
.
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Toto\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Nabilah\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Mama\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 14:00 . 2015-03-17 14:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-03-17 12:08 . 2015-03-17 14:00 -------- d-----w- c:\users\Mahisa\AppData\Local\temp
2015-03-17 11:03 . 2015-03-17 11:06 -------- d-----w- C:\AdwCleaner
2015-03-16 11:59 . 2015-03-16 12:06 -------- d-----w- C:\Retroarch
2015-03-16 10:45 . 2015-03-17 10:59 -------- d-----w- C:\FRST
2015-03-15 11:11 . 2015-03-15 11:11 -------- d-----w- c:\users\Mahisa\AppData\Local\ElevatedDiagnostics
2015-03-15 08:52 . 2015-03-15 08:52 20 ----a-w- c:\users\Nabilah\AppData\Roaming\appdataFr3.bin
2015-03-15 08:52 . 2015-03-15 08:52 114688 ------w- c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe
2015-03-15 08:10 . 2015-03-17 12:22 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-15 08:10 . 2015-03-15 08:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-15 08:10 . 2015-03-15 08:10 -------- d-----w- c:\programdata\Malwarebytes
2015-03-15 08:10 . 2014-11-20 23:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-15 08:10 . 2014-11-20 23:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-15 08:10 . 2014-11-20 23:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-15 07:41 . 2015-03-17 11:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-03-15 07:41 . 2015-03-17 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-03-15 07:39 . 2015-03-15 07:39 -------- d-----w- c:\users\Mahisa\AppData\Local\Programs
2015-03-14 12:15 . 2015-03-15 09:44 20 ----a-w- c:\users\Mahisa\AppData\Roaming\appdataFr3.bin
2015-03-14 12:15 . 2015-03-15 08:44 -------- d-----w- c:\users\Mahisa\AppData\Local\Adobe
2015-03-13 19:17 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D9B710-F06C-40DE-B923-48180C7F7BEA}\mpengine.dll
2015-03-11 03:38 . 2015-02-03 03:12 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-03-10 02:42 . 2015-03-10 02:42 -------- d-----w- c:\users\Mama\AppData\Local\Adobe
2015-03-06 13:33 . 2015-03-06 13:44 -------- d-----w- c:\program files\IndepthEdit
2015-03-06 05:03 . 2015-03-06 05:03 455328 ----a-w- c:\program files\Mozilla Firefox\msvcp120.dll
2015-03-06 05:03 . 2015-03-06 05:03 3466856 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_47.dll
2015-03-06 05:03 . 2015-03-06 05:03 169584 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-06 05:03 . 2015-03-06 05:03 970912 ----a-w- c:\program files\Mozilla Firefox\msvcr120.dll
2015-03-04 06:45 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-03-04 06:45 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-03-04 06:45 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-03-04 06:02 . 2015-03-04 06:10 -------- d-----w- c:\users\Nabilah\AppData\Local\Adobe
2015-02-25 08:51 . 2015-02-25 08:51 -------- d-----w- c:\program files\Intel
2015-02-25 08:51 . 2015-02-25 08:55 -------- d-----w- c:\programdata\Intel
2015-02-25 08:51 . 2015-02-25 08:51 -------- d-----w- c:\program files\Intel Corporation
2015-02-25 06:48 . 2004-03-08 16:00 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2015-02-25 06:48 . 2015-02-25 06:48 -------- d-----w- c:\program files\TRYout TPA
2015-02-18 15:10 . 2015-02-18 15:10 -------- d-----w- c:\program files\FaceOffMax
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-15 08:43 . 2014-08-30 01:57 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-15 08:43 . 2014-08-30 01:57 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-23 20:23 . 2014-08-29 17:26 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 02:54 . 2015-02-11 09:19 482304 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 02:53 . 2015-02-11 09:19 621056 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 02:53 . 2015-02-11 09:19 325632 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 02:53 . 2015-02-11 09:19 767488 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 02:53 . 2015-02-11 09:19 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 02:53 . 2015-02-11 09:19 159744 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 02:49 . 2015-02-11 09:19 886784 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 09:19 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-19 02:43 . 2015-01-14 16:07 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 16:07 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2014-08-31 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Corel Graphics Suite 1117"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2002-07-03 315392]
.
c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
rbsgvxxt.exe [2015-3-15 114688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 iumsvc;Intel® Update Manager;c:\program files\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09 174368]
R3 MSSQL$SQLTOTO2000;MSSQL$SQLTOTO2000;c:\progra~1\MICROS~1\MSSQL$~2\binn\sqlservr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 ndisrd;Intel® Technology Access Filter Driver;c:\windows\system32\DRIVERS\ndisrfl.sys [2014-10-30 35544]
S2 Intel® TechnologyAccessService;Intel® Technology Access Service;c:\program files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [2015-02-08 75488]
S2 MSSEARCH;Microsoft Search;c:\program files\Common Files\System\MSSearch\Bin\mssearch.exe [2000-07-12 73728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 NetTap60;Intel® Technology Access TAP Driver (NDIS 6.0);c:\windows\system32\DRIVERS\nettap60.sys [2014-10-30 42712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-08-29 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-15 11:33 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30 08:43]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-30 02:13]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-30 02:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mahisa\AppData\Roaming\Mozilla\Firefox\Profiles\624alam9.default\
FF - prefs.js: browser.search.selectedEngine - 
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-17  21:01:31
ComboFix-quarantined-files.txt  2015-03-17 14:01
ComboFix2.txt  2015-03-17 12:08
.
Pre-Run: 27,626,340,352 bytes free
Post-Run: 27,332,497,408 bytes free
.
- - End Of File - - 75C5808373413E697EE83D52A5D5153B
A36C5E4F47E84449FF07ED3517B43A31
 
Farbar Service Scanner Version: 17-01-2015
Ran by Mahisa (administrator) on 17-03-2015 at 21:07:11
Running from "C:\Users\Mahisa\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
And the ESET Online Scan just freezes at 99% without it scanning any more files.
 
It found 18840 infected files though; the log says Ramnit.A and Ramnit.H virus.

Edited by Ugoki, 18 March 2015 - 07:34 AM.


#9 olgun52

  • Malware Response Team
  • 3,778 posts

Posted 18 March 2015 - 02:26 PM

And the ESET Online Scan just freezes at 99% without it scanning any more files.
It found 18840 infected files though; the log says Ramnit.A and Ramnit.H virus.

Dr.Web CureIt run:


  • Please download Dr.Web CureIt! Free  antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#10 Ugoki

  • Topic Starter
  • Members
  • 34 posts

Posted 19 March 2015 - 07:07 AM

Uh, the log is too big to be attached so I zipped it first.

And I don't think I have an antivirus. Just Windows Defender.

Edited by Ugoki, 19 March 2015 - 07:10 AM.


#11 olgun52

  • Malware Response Team
  • 3,778 posts

Posted 19 March 2015 - 07:54 AM

Please do the following.

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Best regards

#12 Ugoki

  • Topic Starter
  • Members
  • 34 posts

Posted 19 March 2015 - 08:22 AM

Hmm, it says "file not found". I went to the address myself and I don't see the .exe. And "view hidden folders" is already on. Only desktop.ini exists in the folder.
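The signature check from post #9 and the hash-then-VirusTotal step from post #11 can be done for every Startup folder on the machine in one pass, which also shows files that Explorer hides. This is an added PowerShell example, not code from this thread or from any of the tools mentioned; it assumes Windows PowerShell 4.0 or later and uses only the standard Windows Startup folder locations.

```powershell
# Added example, not from this thread: list every Startup-folder entry
# (all-users plus each user profile), resolve .lnk shortcuts to their
# targets, and report Authenticode status and SHA256 for each target.
# Assumes Windows PowerShell 4.0 or later (Get-FileHash, -File switch).
# The paths are the standard Windows 7 locations, nothing from the thread's logs.

$startupDirs = @(Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
$startupDirs += @(
    Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }
)

$shell = New-Object -ComObject WScript.Shell   # used to read shortcut targets

$report = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force also lists hidden and system-attribute files, which Explorer can
    # hide even with "show hidden files" on; desktop.ini is expected and skipped.
    foreach ($item in Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue) {
        if ($item.Name -ieq 'desktop.ini') { continue }
        $target = $item.FullName
        if ($item.Extension -ieq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $status = 'TargetMissing'; $signer = ''; $sha256 = ''
        if ($target -and (Test-Path -LiteralPath $target)) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $sha256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        }
        [PSCustomObject]@{
            Entry     = $item.FullName
            Target    = $target
            Modified  = $item.LastWriteTime
            Signature = $status
            Signer    = $signer
            SHA256    = $sha256
        }
    }
}

# Unsigned entries and missing targets are the ones to look up on VirusTotal by SHA256.
$report | Sort-Object Signature | Format-List
```

Run it from an elevated prompt so that other users' profile folders are readable; a shortcut whose target no longer exists shows up as TargetMissing.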



#13 olgun52

  • Malware Response Team
  • 3,778 posts

Posted 19 March 2015 - 08:36 AM

OTM run:
 
Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

Link1
Link2
Link3

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop might disappear; this will be put back on completion. If your security alerts to OTM, either accept the alert or turn off security until OTM completes.

  • Copy the text from the attached file OTM Fix.txt to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files) and end at and include [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.


Best regards

#14 Ugoki

  • Topic Starter
  • Members
  • 34 posts

Posted 19 March 2015 - 08:58 AM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mahisa\Desktop\cmd.bat deleted successfully.
C:\Users\Mahisa\Desktop\cmd.txt deleted successfully.
File/Folder c:\users\Nabilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbsgvxxt.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
 
User: HomeGroupUser$
->Temp folder emptied: 0 bytes
 
User: Mahisa
->Temp folder emptied: 67526 bytes
->Temporary Internet Files folder emptied: 944614 bytes
->FireFox cache emptied: 28882201 bytes
->Google Chrome cache emptied: 325686204 bytes
->Flash cache emptied: 602 bytes
 
User: Mama
->Temp folder emptied: 6437 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 11153768 bytes
->Google Chrome cache emptied: 277569111 bytes
->Flash cache emptied: 506 bytes
 
User: Nabilah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 70562554 bytes
->Google Chrome cache emptied: 255802750 bytes
->Flash cache emptied: 1365 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Toto
->Temp folder emptied: 14436 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 369274179 bytes
->Google Chrome cache emptied: 301747256 bytes
->Flash cache emptied: 1160 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166769 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,566.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03192015_205434


#15 olgun52

  • Malware Response Team
  • 3,778 posts

Posted 19 March 2015 - 09:09 AM

Okay.

How is your computer running, and are there any issues?


Best regards