
Hijacker Mystartsearch.com


31 replies to this topic

#1 keronkkumar


Posted 26 March 2015 - 11:19 AM

Yesterday (3/25/2015) I did a malware scan and detected something like 200 malicious objects. I cleaned it out and repeated the scan, and it was clean. Today (3/26/2015) I did another malware scan as soon as I logged in and found 12 more objects. When I open any browser the first thing I see is Mystartsearch.com, but I cannot find it in my Add or Remove Programs. I can post both yesterday's and today's malware log files if needed.

NOTE: Sadly I do not run a genuine copy of Windows, and do not have any means of reinstalling Windows.
I bought the computer at a price mart and was not given any Windows or driver CDs, so when I took my computer to a repair shop for repair, the tech guy had to install a non-genuine copy of Windows.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 26-03-2015 12:02:32
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6749912 2015-02-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-07-05] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A360.lnk
ShortcutTarget: A360.lnk -> C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}\A360.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tc.lnk
ShortcutTarget: tc.lnk -> C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}\tc.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default
FF DefaultSearchEngine: mystartsearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://websearch.coolsearches.info/?pid=22673&r=2015/03/26&hid=13182728109114779670&lg=EN&cc=TT&unqvl=85&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: mystartsearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1291597386-3153512252-1289185995-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\artur.dubovoy@gmail.com [2015-03-16]
FF Extension: AtuZi - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\firefox@a-tu-zi.com.xpi [2014-06-30]
FF Extension: UnPlug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\unplug@compunach.xpi [2014-08-01]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-08-02]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-22]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - Chrome.exe

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 5d8bc28e; "C:\Windows\system32\rundll32.exe" "c:\Program Files\AppendInit\AppendInit.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [85312 2013-05-28] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [178496 2013-05-28] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl4b1b0167; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2862C761-AB70-4A75-A14C-3F08C2CDE0D9}\MpKsl4b1b0167.sys [39464 2015-03-26] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 12:02 - 2015-03-26 12:02 - 00016479 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-26 12:02 - 2015-03-26 12:02 - 00000000 ____D () C:\FRST
2015-03-26 11:57 - 2015-03-26 11:57 - 00000751 _____ () C:\Users\User\Desktop\Hijacker.txt
2015-03-26 11:23 - 2015-03-26 11:23 - 00044689 _____ () C:\malware3252015.txt
2015-03-26 11:20 - 2015-03-26 11:20 - 00002742 _____ () C:\malware3262015.txt
2015-03-26 11:06 - 2015-03-26 11:07 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-26 01:04 - 2015-03-26 01:33 - 00000000 ____D () C:\Users\User\Downloads\newvid
2015-03-25 21:14 - 2015-03-26 12:00 - 00061206 _____ () C:\Windows\PFRO.log
2015-03-25 20:30 - 2015-03-26 11:58 - 00000000 ____D () C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}
2015-03-25 20:28 - 2015-03-26 11:58 - 00000000 ____D () C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}
2015-03-25 20:18 - 2015-03-25 21:11 - 00000000 ____D () C:\Program Files\AppendInit
2015-03-25 20:17 - 2015-03-25 21:10 - 00000000 ____D () C:\Program Files\Zendesk Activity Stream
2015-03-25 20:15 - 2015-03-25 20:15 - 00000000 ____D () C:\ProgramData\55787553407116426
2015-03-25 20:13 - 2015-03-26 11:18 - 00000000 ____D () C:\ProgramData\{dcbaa981-98bc-7324-dcba-aa98198ba606}
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation-2.flv
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation-1.flv
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation.flv
2015-03-22 21:05 - 2015-03-22 21:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 02:12 - 2015-03-20 02:12 - 00721112 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2015-03-20 02:12 - 2015-03-20 02:12 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-03-19 15:58 - 2015-03-19 15:58 - 00000000 ____D () C:\Users\User\Downloads\elena_amt
2015-03-19 13:18 - 2015-03-19 14:07 - 2631344536 _____ () C:\Users\User\Documents\clip0027.avi
2015-03-17 20:29 - 2015-03-17 20:33 - 00000000 ____D () C:\Users\User\Downloads\ATB_1024
2015-03-17 20:28 - 2015-03-17 20:31 - 00000000 ____D () C:\Users\User\Downloads\ATB_1401
2015-03-17 04:15 - 2015-03-17 04:15 - 00000294 _____ () C:\Users\User\Documents\em.txt
2015-03-16 21:16 - 2015-03-16 21:38 - 2007689266 _____ () C:\Users\User\Documents\clip0026.avi
2015-03-14 05:20 - 2015-03-14 05:22 - 305592994 _____ () C:\Users\User\Documents\clip0025.avi
2015-03-14 04:57 - 2015-03-14 05:02 - 670460684 _____ () C:\Users\User\Documents\clip0024.avi
2015-03-14 04:53 - 2015-03-20 13:35 - 00000000 ____D () C:\Users\User\Downloads\NeoDownloader
2015-03-14 04:38 - 2015-03-14 04:45 - 323569796 _____ () C:\Users\User\Documents\clip0023.avi
2015-03-14 03:15 - 2015-03-14 03:18 - 166514414 _____ () C:\Users\User\Documents\clip0022.avi
2015-03-13 20:31 - 2015-03-13 20:32 - 00558148 _____ () C:\Users\User\Downloads\VID_20150313_175633.mp4
2015-03-13 18:12 - 2015-03-26 12:00 - 00001232 _____ () C:\Windows\setupact.log
2015-03-13 18:12 - 2015-03-13 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 23:10 - 2015-03-13 01:04 - 00000000 ____D () C:\Users\User\Downloads\alicia rodriguez
2015-03-12 22:06 - 2015-03-12 22:21 - 555565894 _____ () C:\Users\User\Documents\clip0021.avi
2015-03-12 21:59 - 2015-03-12 22:00 - 06567052 _____ () C:\Users\User\Documents\clip0020.avi
2015-03-12 16:29 - 2015-03-12 16:29 - 40208328 _____ () C:\Users\User\Documents\clip0019.avi
2015-03-12 15:51 - 2015-03-12 16:03 - 1481518454 _____ () C:\Users\User\Documents\clip0018.avi
2015-03-12 14:56 - 2015-03-12 15:18 - 3915852054 _____ () C:\Users\User\Documents\clip0017.avi
2015-03-12 14:13 - 2015-03-12 14:13 - 00000000 ____D () C:\Users\User\Tracing
2015-03-12 03:09 - 2015-03-25 23:47 - 00001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-11 22:49 - 2015-03-11 22:57 - 411739706 _____ () C:\Users\User\Documents\clip0016.avi
2015-03-11 22:48 - 2015-03-11 22:49 - 12076186 _____ () C:\Users\User\Documents\clip0015.avi
2015-03-11 22:24 - 2015-03-11 22:27 - 397883558 _____ () C:\Users\User\Documents\clip0014.avi
2015-03-11 22:08 - 2015-03-11 22:14 - 785007784 _____ () C:\Users\User\Documents\clip0013.avi
2015-03-11 22:03 - 2015-03-11 22:05 - 236069696 _____ () C:\Users\User\Documents\clip0012.avi
2015-03-11 21:03 - 2015-03-11 22:03 - 701108234 _____ () C:\Users\User\Documents\clip0011.avi
2015-03-11 16:51 - 2015-03-11 16:51 - 00000000 _____ () C:\Users\User\Downloads\Girlfriend in her private show-1.flv
2015-03-11 16:51 - 2015-03-11 16:51 - 00000000 _____ () C:\Users\User\Downloads\Girlfriend in her private show.flv
2015-03-11 12:38 - 2015-03-11 12:38 - 00140752 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 12:27 - 2015-03-11 12:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Logitech
2015-03-08 13:45 - 2015-03-08 15:17 - 00000000 ____D () C:\Users\User\Downloads\pose for cat
2015-03-07 22:28 - 2015-03-07 22:28 - 00000762 _____ () C:\Users\User\Desktop\kw.txt
2015-03-07 22:01 - 2015-03-07 22:02 - 49608584 _____ () C:\Users\User\Documents\clip0010.avi
2015-03-07 02:28 - 2015-03-07 03:04 - 1050496612 _____ () C:\Users\User\Documents\clip0009.avi
2015-03-07 02:28 - 2015-03-07 02:28 - 00012928 _____ () C:\Users\User\Documents\clip0008.avi
2015-03-04 02:56 - 2015-03-04 02:56 - 00000151 _____ () C:\Users\User\Desktop\d.txt
2015-02-28 20:36 - 2015-02-28 20:36 - 00001234 _____ () C:\Users\User\Desktop\CCleaner - Shortcut.lnk
2015-02-28 16:04 - 2015-03-06 04:14 - 00000000 ____D () C:\Users\User\Downloads\New folder
2015-02-27 16:09 - 2015-02-27 16:09 - 00000000 ____D () C:\Users\User\AppData\Local\Eraser 6
2015-02-27 16:05 - 2015-02-28 20:36 - 00000000 ____D () C:\Users\User\Downloads\ccsetup503
2015-02-27 16:02 - 2015-02-27 16:02 - 00001759 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2015-02-27 16:02 - 2015-02-27 16:02 - 00001747 _____ () C:\Users\Public\Desktop\Eraser.lnk
2015-02-27 16:02 - 2015-02-27 16:02 - 00000000 ____D () C:\Program Files\Eraser
2015-02-26 12:32 - 2015-02-26 12:32 - 00000000 ____D () C:\Users\User\Downloads\1
2015-02-26 11:12 - 2015-02-26 11:12 - 00084480 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2015-02-26 11:12 - 2015-02-26 11:12 - 00077824 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW73.sys
2015-02-26 11:11 - 2015-02-26 11:11 - 00071880 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2015-02-26 11:11 - 2015-02-26 11:11 - 00036040 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2015-02-26 11:09 - 2015-02-26 11:09 - 71040000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2015-02-26 11:09 - 2015-02-26 11:09 - 13789440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 11878656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-02-26 11:09 - 2015-02-26 11:09 - 04713224 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-26 11:09 - 2015-02-26 11:09 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 01468608 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-26 11:09 - 2015-02-26 11:09 - 01175888 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 01145600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 01053208 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00945456 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00844192 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00818000 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00386072 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00276128 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
2015-02-26 11:09 - 2015-02-26 11:09 - 00087864 _____ () C:\Windows\system32\audioLibVc.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 16955392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-02-26 11:08 - 2015-02-26 11:08 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 03471376 _____ () C:\Windows\system32\atiumdva.cap
2015-02-26 11:08 - 2015-02-26 11:08 - 00765851 _____ () C:\Windows\system32\amdicdxx.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00651264 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2015-02-26 11:08 - 2015-02-26 11:08 - 00472576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-02-26 11:08 - 2015-02-26 11:08 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-02-26 11:08 - 2015-02-26 11:08 - 00323252 _____ () C:\Windows\system32\ativvaxy_vi.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00321712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00265416 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-02-26 11:08 - 2015-02-26 11:08 - 00238144 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00234292 _____ () C:\Windows\system32\ativvaxy_cik.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00232624 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00203776 _____ () C:\Windows\system32\clinfo.exe
2015-02-26 11:08 - 2015-02-26 11:08 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00158944 _____ () C:\Windows\system32\ativce03.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00157248 _____ () C:\Windows\system32\amde31a.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00083312 _____ () C:\Windows\system32\ativce02.dat
2015-02-26 11:08 - 2015-02-26 11:08 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00058880 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2015-02-26 11:08 - 2015-02-26 11:08 - 00030720 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-02-26 11:00 - 2015-03-20 02:10 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-26 10:59 - 2015-03-20 02:13 - 00002096 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-02-26 10:59 - 2015-02-26 10:59 - 00023840 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-02-26 10:59 - 2015-02-26 10:59 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-26 10:59 - 2015-02-26 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 12:00 - 2014-12-30 05:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 12:00 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 11:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system
2015-03-26 11:57 - 2014-07-25 11:20 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-26 11:57 - 2014-07-04 11:24 - 01493487 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 11:50 - 2014-07-04 16:02 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000UA.job
2015-03-26 11:17 - 2014-12-30 05:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 11:08 - 2014-07-08 00:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 11:07 - 2014-07-15 03:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 09:41 - 2014-07-04 11:29 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 09:41 - 2009-07-14 00:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 09:41 - 2009-07-14 00:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 02:00 - 2014-08-16 02:00 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-25 23:37 - 2014-07-10 05:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-03-25 21:11 - 2014-07-15 10:07 - 00000000 ____D () C:\Windows\ERUNT
2015-03-25 20:51 - 2014-07-15 03:56 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:51 - 2014-07-15 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:51 - 2014-07-15 03:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 20:21 - 2015-02-22 00:32 - 00001293 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-25 20:21 - 2015-02-22 00:32 - 00001281 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-03-25 20:21 - 2014-12-30 05:08 - 00002337 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 20:21 - 2014-07-07 17:15 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 20:21 - 2014-07-07 17:15 - 00001317 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-25 20:21 - 2014-07-04 16:03 - 00002413 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2015-03-25 20:21 - 2014-07-04 11:25 - 00001625 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:50 - 2014-07-04 16:02 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000Core.job
2015-03-25 15:09 - 2014-09-05 09:59 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2015-03-25 03:08 - 2014-08-02 04:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-24 13:02 - 2014-07-15 07:46 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-24 12:23 - 2014-07-15 06:26 - 00000000 ____D () C:\Users\User\Documents\iWisoft Free Video Converter
2015-03-23 19:03 - 2014-07-07 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-20 02:12 - 2014-07-04 17:32 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2015-03-18 12:12 - 2015-02-22 00:32 - 00000000 ____D () C:\Program Files\Opera
2015-03-17 06:15 - 2014-07-15 03:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-15 03:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-15 03:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 14:12 - 2014-08-02 04:36 - 00000000 ___RD () C:\Program Files\Skype
2015-03-12 14:11 - 2014-08-02 04:36 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 12:35 - 2014-09-15 09:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2015-03-11 12:35 - 2014-09-15 09:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-11 12:33 - 2015-02-05 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-03 09:16 - 2014-07-04 15:26 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 01:29 - 2015-02-02 04:12 - 00000000 ____D () C:\Users\User\Desktop\kik
2015-02-27 16:07 - 2014-11-07 22:50 - 00000000 ____D () C:\Windows\Minidump
2015-02-27 16:07 - 2014-07-13 03:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-02-27 16:07 - 2014-07-03 20:42 - 00000000 ____D () C:\Windows\Panther
2015-02-27 12:03 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
2015-02-26 11:10 - 2014-07-25 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-26 11:08 - 2014-07-04 16:32 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 00626688 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-02-26 11:08 - 2014-07-04 16:32 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 00212992 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-02-26 11:08 - 2014-07-04 16:32 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll
2015-02-26 11:08 - 2014-07-04 16:32 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2015-03-25 23:47 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 12:13

==================== End Of Log ============================


Edited by keronkkumar, 26 March 2015 - 11:22 AM.


#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling

Posted 31 March 2015 - 01:02 AM

Hi,

Welcome to the BleepingComputer.com Technical Support Forums! I am Black_Bird and I will be assisting you during the malware removal process.

NOTE: Sadly I do not run a genuine copy of Windows, and do not have any means of reinstalling Windows.
I bought the computer at a price mart and was not given any Windows or driver CDs, so when I took my computer in to a repair shop for repair, the tech guy had to install a non-genuine copy of Windows.

As you don't run a genuine copy of Windows, I will only help you with removing the malware. I'm not allowed to give any other support than that, including prevention information and other software/hardware related problems. I hope you understand.
Although you got this PC delivered this way, that's no reason to keep running it with a pirated license. You can always buy the same product and change your Windows license information without needing to reinstall it.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
If you have illegal/cracked software, cracks, keygens etc. on the system (except for the pirated version of Windows), please remove or uninstall them now.




1. Please download fixlist.txt to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator.
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
4. Please remove fixlist.txt from your PC.

5. Please reboot your PC.

6. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
7. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 31 March 2015 - 02:49 AM

Thank you very much for your response and help, and yes, I understand.

It did come with a genuine copy of Windows, but I did not have the CDs for it. So when the tech reinstalled it, he had to use whatever he had, and that's a non-genuine copy.

I will post the RKill log.


RKill Log

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/31/2015 03:37:07 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/31/2015 03:38:07 AM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)



#4 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 31 March 2015 - 02:55 AM

FIX LOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by User at 2015-03-31 03:51:30 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\A840.exe No File
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-07-05] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A360.lnk
ShortcutTarget: A360.lnk -> C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}\A360.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tc.lnk
ShortcutTarget: tc.lnk -> C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}\tc.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
FF DefaultSearchEngine: mystartsearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.coolsearches.info/?pid=22673&r=2015/03/26&hid=13182728109114779670&lg=EN&cc=TT&unqvl=85&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: mystartsearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\artur.dubovoy@gmail.com [2015-03-16]
FF Extension: AtuZi - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\firefox@a-tu-zi.com.xpi [2014-06-30]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-08-02]
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSuggestURL: Default ->
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM
S2 5d8bc28e; "C:\Windows\system32\rundll32.exe" "c:\Program Files\AppendInit\AppendInit.dll",serv
c:\Program Files\AppendInit
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation-2.flv
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation-1.flv
2015-03-24 13:00 - 2015-03-24 13:00 - 00000000 _____ () C:\Users\User\Downloads\my delicious spray bottle masturbation.flv
2015-03-19 15:58 - 2015-03-19 15:58 - 00000000 ____D () C:\Users\User\Downloads\elena_amt
2015-03-19 13:18 - 2015-03-19 14:07 - 2631344536 _____ () C:\Users\User\Documents\clip0027.avi
2015-03-17 20:29 - 2015-03-17 20:33 - 00000000 ____D () C:\Users\User\Downloads\ATB_1024
2015-03-17 20:28 - 2015-03-17 20:31 - 00000000 ____D () C:\Users\User\Downloads\ATB_1401
2015-03-17 04:15 - 2015-03-17 04:15 - 00000294 _____ () C:\Users\User\Documents\em.txt
2015-03-16 21:16 - 2015-03-16 21:38 - 2007689266 _____ () C:\Users\User\Documents\clip0026.avi
2015-03-14 05:20 - 2015-03-14 05:22 - 305592994 _____ () C:\Users\User\Documents\clip0025.avi
2015-03-14 04:57 - 2015-03-14 05:02 - 670460684 _____ () C:\Users\User\Documents\clip0024.avi
2015-03-14 04:53 - 2015-03-20 13:35 - 00000000 ____D () C:\Users\User\Downloads\NeoDownloader
2015-03-14 04:38 - 2015-03-14 04:45 - 323569796 _____ () C:\Users\User\Documents\clip0023.avi
2015-03-14 03:15 - 2015-03-14 03:18 - 166514414 _____ () C:\Users\User\Documents\clip0022.avi
2015-03-13 20:31 - 2015-03-13 20:32 - 00558148 _____ () C:\Users\User\Downloads\VID_20150313_175633.mp4
2015-03-13 18:12 - 2015-03-26 12:00 - 00001232 _____ () C:\Windows\setupact.log
2015-03-13 18:12 - 2015-03-13 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 23:10 - 2015-03-13 01:04 - 00000000 ____D () C:\Users\User\Downloads\alicia rodriguez
2015-03-12 22:06 - 2015-03-12 22:21 - 555565894 _____ () C:\Users\User\Documents\clip0021.avi
2015-03-12 21:59 - 2015-03-12 22:00 - 06567052 _____ () C:\Users\User\Documents\clip0020.avi
2015-03-12 16:29 - 2015-03-12 16:29 - 40208328 _____ () C:\Users\User\Documents\clip0019.avi
2015-03-12 15:51 - 2015-03-12 16:03 - 1481518454 _____ () C:\Users\User\Documents\clip0018.avi
2015-03-12 14:56 - 2015-03-12 15:18 - 3915852054 _____ () C:\Users\User\Documents\clip0017.avi
2015-03-11 22:49 - 2015-03-11 22:57 - 411739706 _____ () C:\Users\User\Documents\clip0016.avi
2015-03-11 22:48 - 2015-03-11 22:49 - 12076186 _____ () C:\Users\User\Documents\clip0015.avi
2015-03-11 22:24 - 2015-03-11 22:27 - 397883558 _____ () C:\Users\User\Documents\clip0014.avi
2015-03-11 22:08 - 2015-03-11 22:14 - 785007784 _____ () C:\Users\User\Documents\clip0013.avi
2015-03-11 22:03 - 2015-03-11 22:05 - 236069696 _____ () C:\Users\User\Documents\clip0012.avi
2015-03-11 21:03 - 2015-03-11 22:03 - 701108234 _____ () C:\Users\User\Documents\clip0011.avi
2015-03-11 16:51 - 2015-03-11 16:51 - 00000000 _____ () C:\Users\User\Downloads\Girlfriend in her private show-1.flv
2015-03-11 16:51 - 2015-03-11 16:51 - 00000000 _____ () C:\Users\User\Downloads\Girlfriend in her private show.flv
2015-03-08 13:45 - 2015-03-08 15:17 - 00000000 ____D () C:\Users\User\Downloads\pose for cat
2015-03-07 22:28 - 2015-03-07 22:28 - 00000762 _____ () C:\Users\User\Desktop\kw.txt
2015-03-07 22:01 - 2015-03-07 22:02 - 49608584 _____ () C:\Users\User\Documents\clip0010.avi
2015-03-07 02:28 - 2015-03-07 03:04 - 1050496612 _____ () C:\Users\User\Documents\clip0009.avi
2015-03-07 02:28 - 2015-03-07 02:28 - 00012928 _____ () C:\Users\User\Documents\clip0008.avi
2015-03-04 02:56 - 2015-03-04 02:56 - 00000151 _____ () C:\Users\User\Desktop\d.txt


*****************

"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview => value deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A360.lnk => Moved successfully.
C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}\A360.exe not found.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tc.lnk => Moved successfully.
C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}\tc.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\artur.dubovoy@gmail.com => Moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\firefox@a-tu-zi.com.xpi => Moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi => Moved successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => Value was restored successfully.
5d8bc28e => Service deleted successfully.
c:\Program Files\AppendInit => Moved successfully.
"C:\Users\User\Downloads\my delicious spray bottle masturbation-2.flv" => File/Directory not found.
"C:\Users\User\Downloads\my delicious spray bottle masturbation-1.flv" => File/Directory not found.
"C:\Users\User\Downloads\my delicious spray bottle masturbation.flv" => File/Directory not found.
C:\Users\User\Downloads\elena_amt => Moved successfully.
C:\Users\User\Documents\clip0027.avi => Moved successfully.
C:\Users\User\Downloads\ATB_1024 => Moved successfully.
C:\Users\User\Downloads\ATB_1401 => Moved successfully.
C:\Users\User\Documents\em.txt => Moved successfully.
C:\Users\User\Documents\clip0026.avi => Moved successfully.
C:\Users\User\Documents\clip0025.avi => Moved successfully.
C:\Users\User\Documents\clip0024.avi => Moved successfully.
C:\Users\User\Downloads\NeoDownloader => Moved successfully.
C:\Users\User\Documents\clip0023.avi => Moved successfully.
C:\Users\User\Documents\clip0022.avi => Moved successfully.
"C:\Users\User\Downloads\VID_20150313_175633.mp4" => File/Directory not found.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Users\User\Downloads\alicia rodriguez => Moved successfully.
C:\Users\User\Documents\clip0021.avi => Moved successfully.
C:\Users\User\Documents\clip0020.avi => Moved successfully.
C:\Users\User\Documents\clip0019.avi => Moved successfully.
C:\Users\User\Documents\clip0018.avi => Moved successfully.
C:\Users\User\Documents\clip0017.avi => Moved successfully.
C:\Users\User\Documents\clip0016.avi => Moved successfully.
C:\Users\User\Documents\clip0015.avi => Moved successfully.
C:\Users\User\Documents\clip0014.avi => Moved successfully.
C:\Users\User\Documents\clip0013.avi => Moved successfully.
C:\Users\User\Documents\clip0012.avi => Moved successfully.
C:\Users\User\Documents\clip0011.avi => Moved successfully.
"C:\Users\User\Downloads\Girlfriend in her private show-1.flv" => File/Directory not found.
"C:\Users\User\Downloads\Girlfriend in her private show.flv" => File/Directory not found.
C:\Users\User\Downloads\pose for cat => Moved successfully.
C:\Users\User\Desktop\kw.txt => Moved successfully.
C:\Users\User\Documents\clip0010.avi => Moved successfully.
C:\Users\User\Documents\clip0009.avi => Moved successfully.
C:\Users\User\Documents\clip0008.avi => Moved successfully.
C:\Users\User\Desktop\d.txt => Moved successfully.

==== End of Fixlog 03:51:35 ====



#5 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 31 March 2015 - 03:01 AM

I was not asked to restart, and the fixlist.txt disappeared from my desktop after I ran FRST with the fix. Should I still run FRST as normal now?



#6 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling

Posted 31 March 2015 - 03:03 AM

Hi there,

 

Yes, please do a regular scan with FRST now - without using fixlist.txt (it should be removed, that's okay).

 

Good luck. :)


Kind regards,
Black_Bird
 



#7 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 31 March 2015 - 03:17 AM

Should I restart first? Thank you again.



#8 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling

Posted 31 March 2015 - 03:22 AM

Hi,

 

Just follow the steps I gave you. You'll see that you do indeed have to reboot your PC before scanning with FRST (without fixlist.txt).

 

Good luck. :)


Kind regards,
Black_Bird
 



#9 keronkkumar

keronkkumar
  • Topic Starter

  • Members
  • 115 posts
  • Gender:Male
  • Location:home

Posted 31 March 2015 - 03:31 AM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 31-03-2015 04:26:57
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6749912 2015-02-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1291597386-3153512252-1289185995-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: UnPlug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\unplug@compunach.xpi [2014-08-01]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-28]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-22]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [85312 2013-05-28] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [178496 2013-05-28] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 04:26 - 2015-03-31 04:27 - 00013988 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-31 04:26 - 2015-03-31 04:26 - 00000056 _____ () C:\Windows\setupact.log
2015-03-31 04:26 - 2015-03-31 04:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 03:37 - 2015-03-31 03:38 - 00002040 _____ () C:\Users\User\Desktop\Rkill.txt
2015-03-31 02:52 - 2015-03-31 02:52 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2015-03-31 01:17 - 2015-03-31 01:17 - 00164673 _____ () C:\Users\User\Downloads\IMG_0857.MOV
2015-03-31 01:16 - 2015-03-31 01:16 - 01021406 _____ () C:\Users\User\Downloads\IMG_0860.MOV
2015-03-31 01:15 - 2015-03-31 01:15 - 00435899 _____ () C:\Users\User\Downloads\IMG_0859.MOV
2015-03-30 22:46 - 2015-03-31 00:20 - 287426192 _____ () C:\Users\User\Downloads\amat_875544s.rar
2015-03-30 03:45 - 2015-03-30 04:22 - 98381143 _____ () C:\Users\User\Downloads\desi_possy.rar
2015-03-29 23:08 - 2015-03-29 23:08 - 00000000 ____D () C:\Users\User\Downloads\amf152
2015-03-29 23:08 - 2015-03-29 23:08 - 00000000 ____D () C:\Users\User\Downloads\0552
2015-03-29 22:01 - 2015-03-29 22:01 - 00000000 ____D () C:\Users\User\Downloads\wGemit
2015-03-29 22:01 - 2015-03-29 22:01 - 00000000 ____D () C:\Users\User\Downloads\amat_su_567
2015-03-29 21:59 - 2015-03-29 21:59 - 00000000 ____D () C:\Users\User\Downloads\81pics-WEBCAM-SET
2015-03-29 00:57 - 2015-03-29 00:57 - 00000000 ____D () C:\Users\User\Downloads\erica
2015-03-29 00:48 - 2015-03-29 00:48 - 00000000 ____D () C:\Users\User\Downloads\stripper
2015-03-28 03:23 - 2015-03-28 03:23 - 00573523 _____ () C:\Users\User\Downloads\IMG_0858.MOV
2015-03-28 03:00 - 2015-03-28 03:00 - 00000000 ____D () C:\Users\User\Downloads\Bailey
2015-03-28 02:57 - 2015-03-28 02:57 - 00000000 ____D () C:\Users\User\Downloads\amat_11224
2015-03-28 02:56 - 2015-03-28 02:56 - 00000000 ____D () C:\Users\User\Downloads\New folder (2)
2015-03-28 00:31 - 2015-03-28 00:31 - 00000000 ____D () C:\Users\User\Downloads\ATB_720
2015-03-28 00:14 - 2015-03-28 00:14 - 00000000 ____D () C:\Users\User\Downloads\brynn
2015-03-26 12:02 - 2015-03-31 04:27 - 00000000 ____D () C:\FRST
2015-03-26 11:23 - 2015-03-26 11:23 - 00044689 _____ () C:\malware3252015.txt
2015-03-26 11:20 - 2015-03-26 11:20 - 00002742 _____ () C:\malware3262015.txt
2015-03-26 11:06 - 2015-03-26 11:07 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-26 01:04 - 2015-03-26 13:55 - 00000000 ____D () C:\Users\User\Downloads\newvid
2015-03-25 21:14 - 2015-03-27 08:29 - 00061556 _____ () C:\Windows\PFRO.log
2015-03-25 20:30 - 2015-03-26 11:58 - 00000000 ____D () C:\ProgramData\{91bec09a-d166-6720-91be-ec09ad16026b}
2015-03-25 20:28 - 2015-03-26 11:58 - 00000000 ____D () C:\ProgramData\{a3a48d0b-6048-493c-a3a4-48d0b604342d}
2015-03-25 20:17 - 2015-03-25 21:10 - 00000000 ____D () C:\Program Files\Zendesk Activity Stream
2015-03-25 20:15 - 2015-03-25 20:15 - 00000000 ____D () C:\ProgramData\55787553407116426
2015-03-25 20:13 - 2015-03-26 11:18 - 00000000 ____D () C:\ProgramData\{dcbaa981-98bc-7324-dcba-aa98198ba606}
2015-03-22 21:05 - 2015-03-22 21:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 02:12 - 2015-03-20 02:12 - 00721112 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2015-03-20 02:12 - 2015-03-20 02:12 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-03-12 14:13 - 2015-03-12 14:13 - 00000000 ____D () C:\Users\User\Tracing
2015-03-12 03:09 - 2015-03-31 01:54 - 00001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-11 12:38 - 2015-03-11 12:38 - 00140752 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 12:27 - 2015-03-11 12:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Logitech

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 04:26 - 2014-12-30 05:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 04:26 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 04:23 - 2014-07-25 11:20 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-31 04:23 - 2014-07-04 11:24 - 01572857 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 04:17 - 2014-12-30 05:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 04:08 - 2014-07-08 00:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-31 03:50 - 2014-07-04 16:02 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000UA.job
2015-03-31 02:48 - 2014-07-13 03:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-03-31 02:00 - 2014-08-16 02:00 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-30 21:35 - 2009-07-14 00:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 21:35 - 2009-07-14 00:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 21:34 - 2014-07-04 11:29 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 18:50 - 2014-07-04 16:02 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000Core.job
2015-03-26 19:35 - 2014-07-15 03:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 11:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system
2015-03-25 23:37 - 2014-07-10 05:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-03-25 21:11 - 2014-07-15 10:07 - 00000000 ____D () C:\Windows\ERUNT
2015-03-25 20:51 - 2014-07-15 03:56 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:51 - 2014-07-15 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:51 - 2014-07-15 03:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 20:21 - 2015-02-22 00:32 - 00001293 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-25 20:21 - 2015-02-22 00:32 - 00001281 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-03-25 20:21 - 2014-12-30 05:08 - 00002337 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 20:21 - 2014-07-07 17:15 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 20:21 - 2014-07-07 17:15 - 00001317 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-25 20:21 - 2014-07-04 16:03 - 00002413 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2015-03-25 20:21 - 2014-07-04 11:25 - 00001625 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 15:09 - 2014-09-05 09:59 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2015-03-25 03:08 - 2014-08-02 04:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-24 13:02 - 2014-07-15 07:46 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-24 12:23 - 2014-07-15 06:26 - 00000000 ____D () C:\Users\User\Documents\iWisoft Free Video Converter
2015-03-23 19:03 - 2014-07-07 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-20 02:13 - 2015-02-26 10:59 - 00002096 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-03-20 02:12 - 2014-07-04 17:32 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2015-03-20 02:10 - 2015-02-26 11:00 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-18 12:12 - 2015-02-22 00:32 - 00000000 ____D () C:\Program Files\Opera
2015-03-17 06:15 - 2014-07-15 03:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-15 03:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-15 03:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 14:12 - 2014-08-02 04:36 - 00000000 ___RD () C:\Program Files\Skype
2015-03-12 14:11 - 2014-08-02 04:36 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 12:35 - 2014-09-15 09:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2015-03-11 12:35 - 2014-09-15 09:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-11 12:33 - 2015-02-05 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-06 04:14 - 2015-02-28 16:04 - 00000000 ____D () C:\Users\User\Downloads\New folder
2015-03-03 09:16 - 2014-07-04 15:26 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2015-03-31 01:54 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 12:13

==================== End Of Log ============================



#10 keronkkumar (Topic Starter)

Posted 31 March 2015 - 03:33 AM

That Mystartsearch.com still shows up when I open my browsers.



#11 keronkkumar (Topic Starter)

Posted 31 March 2015 - 03:51 AM

It's 4:49 am now and I need to get ready for work :). I will post whatever you need when I get back. Thank you for taking the time to help me :).

PS. You guys need a thumbs-up emoji lol.



#12 Black_Bird (Malware Response Team)

Posted 31 March 2015 - 09:51 AM

Hi,

That Mystartsearch.com still shows up when I open my browsers.

In which browsers does it still show up exactly?
 

It's 4:49 am now and I need to get ready for work :). I will post whatever you need when I get back. Thank you for taking the time to help me :).
PS. You guys need a thumbs-up emoji lol.

Hehe, thanks. No problem at all. :)

=================================================================================================

1. Please download to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator.
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
4. Please remove fixlist.txt from your PC.

5. Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).
6. Please reboot your PC (if not already done by Malwarebytes' Anti-Malware).

7. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
8. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Malwarebytes' Anti-Malware
  • Farbar Recovery Scan Tool - regular scan
Good luck! :)
Kind regards,
Black_Bird


#13 keronkkumar (Topic Starter)

Posted 31 March 2015 - 11:55 AM

It shows up on every browser I have: Internet Explorer, Google Chrome, Firefox, Opera.

My home page is normal in all of them; if I click the home icon, it takes me to the home page I set.

It's only when I first open the browser (every time) that I get Mystartsearch; I normally just open a new tab and close the Mystartsearch tab.


RKill

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/31/2015 12:45:23 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/31/2015 12:46:24 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)



#14 keronkkumar (Topic Starter)

Posted 31 March 2015 - 11:59 AM

FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by User at 2015-03-31 12:56:21 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-22]
2015-03-31 01:17 - 2015-03-31 01:17 - 00164673 _____ () C:\Users\User\Downloads\IMG_0857.MOV
2015-03-31 01:16 - 2015-03-31 01:16 - 01021406 _____ () C:\Users\User\Downloads\IMG_0860.MOV
2015-03-31 01:15 - 2015-03-31 01:15 - 00435899 _____ () C:\Users\User\Downloads\IMG_0859.MOV
2015-03-30 22:46 - 2015-03-31 00:20 - 287426192 _____ () C:\Users\User\Downloads\amat_875544s.rar
2015-03-30 03:45 - 2015-03-30 04:22 - 98381143 _____ () C:\Users\User\Downloads\desi_possy.rar
2015-03-29 23:08 - 2015-03-29 23:08 - 00000000 ____D () C:\Users\User\Downloads\amf152
2015-03-29 23:08 - 2015-03-29 23:08 - 00000000 ____D () C:\Users\User\Downloads\0552
2015-03-29 22:01 - 2015-03-29 22:01 - 00000000 ____D () C:\Users\User\Downloads\wGemit
2015-03-29 22:01 - 2015-03-29 22:01 - 00000000 ____D () C:\Users\User\Downloads\amat_su_567
2015-03-29 21:59 - 2015-03-29 21:59 - 00000000 ____D () C:\Users\User\Downloads\81pics-WEBCAM-SET
2015-03-29 00:57 - 2015-03-29 00:57 - 00000000 ____D () C:\Users\User\Downloads\erica
2015-03-29 00:48 - 2015-03-29 00:48 - 00000000 ____D () C:\Users\User\Downloads\stripper
2015-03-28 03:23 - 2015-03-28 03:23 - 00573523 _____ () C:\Users\User\Downloads\IMG_0858.MOV
2015-03-28 03:00 - 2015-03-28 03:00 - 00000000 ____D () C:\Users\User\Downloads\Bailey
2015-03-28 02:57 - 2015-03-28 02:57 - 00000000 ____D () C:\Users\User\Downloads\amat_11224
2015-03-28 02:56 - 2015-03-28 02:56 - 00000000 ____D () C:\Users\User\Downloads\New folder (2)
2015-03-28 00:31 - 2015-03-28 00:31 - 00000000 ____D () C:\Users\User\Downloads\ATB_720
2015-03-28 00:14 - 2015-03-28 00:14 - 00000000 ____D () C:\Users\User\Downloads\brynn
2015-03-26 01:04 - 2015-03-26 13:55 - 00000000 ____D () C:\Users\User\Downloads\newvid

*****************

C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
C:\Users\User\Downloads\IMG_0857.MOV => Moved successfully.
C:\Users\User\Downloads\IMG_0860.MOV => Moved successfully.
C:\Users\User\Downloads\IMG_0859.MOV => Moved successfully.
C:\Users\User\Downloads\amat_875544s.rar => Moved successfully.
C:\Users\User\Downloads\desi_possy.rar => Moved successfully.
C:\Users\User\Downloads\amf152 => Moved successfully.
C:\Users\User\Downloads\0552 => Moved successfully.
C:\Users\User\Downloads\wGemit => Moved successfully.
C:\Users\User\Downloads\amat_su_567 => Moved successfully.
C:\Users\User\Downloads\81pics-WEBCAM-SET => Moved successfully.
C:\Users\User\Downloads\erica => Moved successfully.
C:\Users\User\Downloads\stripper => Moved successfully.
C:\Users\User\Downloads\IMG_0858.MOV => Moved successfully.
C:\Users\User\Downloads\Bailey => Moved successfully.
C:\Users\User\Downloads\amat_11224 => Moved successfully.
C:\Users\User\Downloads\New folder (2) => Moved successfully.
C:\Users\User\Downloads\ATB_720 => Moved successfully.
C:\Users\User\Downloads\brynn => Moved successfully.
C:\Users\User\Downloads\newvid => Moved successfully.

==== End of Fixlog 12:56:32 ====



#15 keronkkumar (Topic Starter)

Posted 31 March 2015 - 01:29 PM

Malwarebytes' Anti-Malware.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/31/2015
Scan Time: 1:05:16 PM
Logfile: MBAR.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.31.06
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 505282
Time Elapsed: 1 hr, 19 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.SkyTech.A, C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EDAM64S\1[1].zip, , [1cf60e3ee8a23bfb2eb955add82a4db3],
PUP.Optional.MyStartSearch.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, , [e62c98b4602a1f1740a5e6dfa95a9070],
PUP.Optional.MyStartSearch.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, , [39d9f9535931e35314d19e27b84b8f71],

Physical Sectors: 0
(No malicious items detected)


(end)





