ESET potential threat found - a variant of Win32/SProtector.D PUA


  • This topic is locked
5 replies to this topic

#1 hwa93

  • Members
  • 3 posts

Posted 04 May 2015 - 03:52 AM

Hi!
Every time I start up my desktop, I keep getting messages from ESET:
 
Potential threat found
Object: Operating memory - rundll32.exe (1892)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
After I clean it or delete it, it comes back again the next time I start up my desktop. Also, the number in brackets after rundll32.exe changes, such as:
 
Potential threat found
Object: Operating memory - rundll32.exe (1920)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
I have been getting these messages from ESET for more than a month.
 
Could anyone help me, please?
I have downloaded these 4 programs on my desktop:
1) DDS, 2) Malwarebytes' Anti-Malware, 3) AdwCleaner, and 4) Farbar Recovery Scan Tool (32 bit)
and got their respective log files and attachments as follows:
 
1) Here's a DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Administrator at 10:11:37 on 2015-05-04
Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.767.215 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET Smart Security 7.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* 
.
============== Running Processes ================
.
C:\Program Files\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
c:\program files\common files\thunder network\tp\ver1\1.1.2.253_1111\thunderplatform.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
uDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX
uDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
mStart Page = hxxp://search.gboxapp.com/
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
uProxyOverride = local;127.0.0.1:9421;<local>
mSearchAssistant = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
mCustomizeSearch = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271333360421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C117A2E5-EFBF-4A3A-A3A5-128E43E2F584} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - LocalServer32 - <no file>
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=  
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - hxxp://search.gboxapp.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\common files\thunder network\useragent\npxluser2.0.2.3.dll
FF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\qvodplayer\npQvodInsert.dll
FF - plugin: c:\program files\qvodplayer\npShareModule.dll
FF - plugin: c:\program files\thunder network\thunder\data\npxunlei1.0.0.2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1209149.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: d:\downloads\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: d:\plugins\npqtplugin.dll
FF - plugin: d:\plugins\npqtplugin2.dll
FF - plugin: d:\plugins\npqtplugin3.dll
FF - plugin: d:\plugins\npqtplugin4.dll
FF - plugin: d:\plugins\npqtplugin5.dll
FF - ExtSQL: 2015-03-27 14:52; c0fi@s.org; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\c0fi@s.org
FF - ExtSQL: 2015-03-27 14:52; fDb@s.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\fDb@s.com
FF - ExtSQL: 2015-03-27 14:52; kC@LT.edu; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymvikiiu.default\extensions\kC@LT.edu
.
============= SERVICES / DRIVERS ===============
.
R1 bd0001;bd0001;c:\windows\system32\drivers\bd0001.sys [2014-8-23 70984]
R1 bd0004;bd0004;c:\windows\system32\drivers\bd0004.sys [2014-8-23 183112]
R1 BDMWrench;BDMWrench;c:\windows\system32\drivers\BDMWrench.sys [2014-8-29 229712]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-6-6 243128]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
R2 6b57ae94;BorderlineRunner;c:\windows\system32\rundll32.exe [2006-3-1 33280]
R2 BDSGRTP;BDSGRTP Service;c:\program files\common files\baidu\baiduprotect\1.1.0.34\BaiduProtect.exe [2014-8-23 1101152]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-9-12 1337752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-29 54752]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2012-11-29 90112]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-7-9 5261584]
R2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost -k xlserviceplatform --> c:\windows\system32\svchost -k XLServicePlatform [?]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2015-3-30 28600]
R3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\drivers\droidcamvideo.sys [2015-3-30 224440]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S1 bd0002;bd0002;c:\windows\system32\drivers\bd0002.sys --> c:\windows\system32\drivers\bd0002.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eweoivgjr;Server Universal;c:\windows\system32\svchost.exe -k netsvcs [2006-3-1 14336]
S2 SkypeUpdate;Skype Updater;d:\downloads\updater\Updater.exe [2013-10-23 172192]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2006-3-1 14336]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-5 13232]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-2-16 13232]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\locals~1\temp\kkh12d.tmp --> c:\docume~1\admini~1\locals~1\temp\KKH12D.tmp [?]
S3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-9-23 13528]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\drivers\ggsomc.sys [2014-7-6 26328]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2014-11-12 18432]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\drivers\kinonivd.sys [2014-11-12 2782080]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-17 48280]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 30488]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-11-14 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-11-14 79360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2014-8-19 155824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XDva404;XDva404;\??\c:\windows\system32\xdva404.sys --> c:\windows\system32\XDva404.sys [?]
.
=============== Created Last 30 ================
.
2015-04-28 09:21:54 -------- d-----w- c:\program files\Secure Downloader
2015-04-28 09:20:33 -------- d-----w- c:\program files\Happy2Seaave
2015-04-28 09:20:07 -------- d-----w- c:\program files\AllCHeapPraICE
2015-04-28 09:19:52 -------- d-----w- c:\program files\IussavEr
2015-04-27 11:47:57 -------- d-----w- c:\documents and settings\all users\application data\AdBlocker Manger
2015-04-27 11:27:28 -------- d-----w- c:\program files\BorderlineRunner
2015-04-27 11:26:55 -------- d-----w- c:\documents and settings\all users\application data\3d3d7eac0000518f
2015-04-11 05:57:25 -------- d-----w- c:\program files\RegulaRiDeuAls
2015-04-11 05:57:11 -------- d-----w- c:\program files\CuoupExteinsion
2015-04-11 05:57:01 -------- d-----w- c:\program files\TakeTHeCoupon
2015-04-11 05:56:56 -------- d-----w- c:\program files\Deezer Mediakeys Reloaded
.
==================== Find3M  ====================
.
2015-05-02 13:26:25 20 ----a-w- c:\documents and settings\administrator\application data\appdataFr3.bin
2015-03-30 05:32:59 224440 ----a-w- c:\windows\system32\drivers\droidcamvideo.sys
2015-03-30 05:32:56 28600 ----a-w- c:\windows\system32\drivers\droidcam.sys
2015-02-25 19:09:58 128552 ----a-w- c:\program files\GarenaHoN_3060303.exe
2015-02-16 08:20:02 26176 ---ha-w- c:\windows\system32\hamachi.sys
2013-02-15 14:29:06 728858 ----a-w- c:\program files\common files\unins000.exe
2008-03-08 23:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 10:12:13.17 ===============
 
 
attach.txt is attached.
 
 
2) MBAB has detected one or more threats (314 identified threats); here is the log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/4/2015
Scan Time: 2:48:59 PM
Logfile: MBAB.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.03.06
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323195
Time Elapsed: 32 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 7
PUP.Optional.SProtector, C:\Program Files\BorderlineRunner\BorderlineRunner.dll, , [fe44f798bfcb86b022f6979e946e5ca4], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunWorks.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
 
Registry Keys: 112
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, , [c082840bdbaf06309e509ec5788b837d], 
PUP.Optional.Funshion, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, , [c082840bdbaf06309e509ec5788b837d], 
Trojan.Downloader, HKLM\SOFTWARE\CLASSES\APPID\{90A52F08-64AC-4DC6-9D7D-4516670275D3}, , [c979c0cf61299f972cc03f388182f808], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{1D8161E5-DAAA-3887-2E19-1B46CE4D0528}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA677CC1-D6FA-4B55-825D-6C493F56ED84}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE575A61-09BD-4F3A-B8B5-B55B813B44EC}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\1D8161E5-DAAA-3887-2E19-1B46CE4D0528.Addr.1, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\1D8161E5-DAAA-3887-2E19-1B46CE4D0528.Addr, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1D8161E5-DAAA-3887-2E19-1B46CE4D0528}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D8161E5-DAAA-3887-2E19-1B46CE4D0528}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol.1, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.SnavHttpProtocol, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject.1, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\AddressSearch.JsObject, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05}, , [7bc7781792f84ee88e5f5c0745bee51b], 
Trojan.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}, , [c87ac9c6e0aaeb4b9300d5902bd8a957], 
Trojan.BHO, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}, , [c87ac9c6e0aaeb4b9300d5902bd8a957], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75}, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker.1, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Optional.ShoppingSuggestion.A, HKLM\SOFTWARE\CLASSES\CLSID\{F6C07882-D703-4DD5-905A-2C4E815A5066}, , [3a08f29d5931171f4973f459c53ed030], 
PUP.Optional.ShoppingSuggestion.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9186135C-5067-4BD3-A886-B0A533744D5D}, , [3a08f29d5931171f4973f459c53ed030], 
PUP.Optional.ShoppingSuggestion.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2BFF5187-8BA1-4469-91B9-2FC1B6DD7F8C}, , [3a08f29d5931171f4973f459c53ed030], 
PUP.Optional.ShoppingSuggestion.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F6C07882-D703-4DD5-905A-2C4E815A5066}, , [3a08f29d5931171f4973f459c53ed030], 
PUP.Optional.ShoppingSuggestion.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F6C07882-D703-4DD5-905A-2C4E815A5066}, , [3a08f29d5931171f4973f459c53ed030], 
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1C46A0DD-D53E-46C4-A435-CA11103E255E}, , [5ee4eca3a5e5fa3cddcd73da8281a957], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\privitize.privitizedskBnd, , [5ee4eca3a5e5fa3cddcd73da8281a957], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\privitize.privitizedskBnd.1, , [5ee4eca3a5e5fa3cddcd73da8281a957], 
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1C46A0DD-D53E-46C4-A435-CA11103E255E}, , [5ee4eca3a5e5fa3cddcd73da8281a957], 
PUP.Optional.BuzzSearch.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}, , [1d2591fef694dc5a3762dda9887bc13f], 
PUP.Optional.BuzzSearch.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}, , [1d2591fef694dc5a3762dda9887bc13f], 
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{77FEF28E-EB96-44FF-B511-3185DEA48697}, , [d1711c7311790333553c4b2cf80b946c], 
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{77FEF28E-EB96-44FF-B511-3185DEA48697}, , [d1711c7311790333553c4b2cf80b946c], 
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, , [dc66cfc0b4d6270ffd97a8cfd033d32d], 
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, , [dc66cfc0b4d6270ffd97a8cfd033d32d], 
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62155D33-3CE2-401E-8967-5A270628A3D5}, , [f949ace32f5bb6808e753e4b44bfbf41], 
Trojan.Cinmus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A7F05EE4-0426-454F-8013-C41E3596E9E9}, , [19290c8343479f97f89b086feb188c74], 
Adware.BDSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}, , [c9790689107a0b2b60e8184fcd36bb45], 
PUP.Optional.OfferBox.A, HKLM\SOFTWARE\CLASSES\OKitSpace, , [7dc5ace3f298b97d0d4cf25fe61d59a7], 
PUP.Optional.OfferBox.A, HKLM\SOFTWARE\CLASSES\OKitSpace.1, , [71d16c23216963d34e0b450c4cb7ab55], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, , [ff435837e8a2d2644bb26de90003a060], 
PUP.Optional.MultiPlug.Uns, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, , [74ce157a573370c622326bd823e08080], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{75a7b6e3-4e34-4c3e-baa2-727e928b7e21}, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\P75a7b6e3_4e34_4c3e_baa2_727e928b7e21_.P75a7b6e3_4e34_4c3e_baa2_727e928b7e21_, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\P75a7b6e3_4e34_4c3e_baa2_727e928b7e21_.P75a7b6e3_4e34_4c3e_baa2_727e928b7e21_.9, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75A7B6E3-4E34-4C3E-BAA2-727E928B7E21}, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{75A7B6E3-4E34-4C3E-BAA2-727E928B7E21}, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{2e6b6c92-dc7a-4df4-b8bd-db5da2844149}, , [54ee721d4a401e181bd59ab38d75ed13], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\P2e6b6c92_dc7a_4df4_b8bd_db5da2844149_.P2e6b6c92_dc7a_4df4_b8bd_db5da2844149_, , [54ee721d4a401e181bd59ab38d75ed13], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\P2e6b6c92_dc7a_4df4_b8bd_db5da2844149_.P2e6b6c92_dc7a_4df4_b8bd_db5da2844149_.9, , [54ee721d4a401e181bd59ab38d75ed13], 
PUP.Optional.Multiplug.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2E6B6C92-DC7A-4DF4-B8BD-DB5DA2844149}, , [54ee721d4a401e181bd59ab38d75ed13], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2E6B6C92-DC7A-4DF4-B8BD-DB5DA2844149}, , [54ee721d4a401e181bd59ab38d75ed13], 
Trojan.Agent.CK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod, , [93af8c03781255e1ed17f72cdd298c74], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, , [7bc79bf4b5d56acc6b9b8aa9ca38c63a], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{38023bab-466c-467c-a823-883aba1b589c}, , [172b29668307fb3bbf25ce75fe0402fe], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P38023bab_466c_467c_a823_883aba1b589c_.P38023bab_466c_467c_a823_883aba1b589c_, , [172b29668307fb3bbf25ce75fe0402fe], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P38023bab_466c_467c_a823_883aba1b589c_.P38023bab_466c_467c_a823_883aba1b589c_.9, , [172b29668307fb3bbf25ce75fe0402fe], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{38023BAB-466C-467C-A823-883ABA1B589C}, , [172b29668307fb3bbf25ce75fe0402fe], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Tencent Browser Helper, , [c47ea2edd8b246f059daf379996b19e7], 
PUP.Optional.DigiCoupon.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.DigiCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1EA56CF8-1B08-4B8B-BAD9-77D0A2F55837}, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.DigiCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AFE44F7D-9EB4-426B-AB34-4DAB85ECDF91}, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.DigiCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D75E8573-4E73-4642-8517-A6348042151C}, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.DigiCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC00432C-FF74-41C6-BE9E-7F2224FDB437}, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.NetCoupon.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.NetCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.NetCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.NetCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.NetCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [fb474d42e1a96dc9ace91ac8917224dc], 
PUP.Optional.OKitSpace.A, HKLM\SOFTWARE\OKitSpace, , [66dcd7b85238d3631daeaa713fc5a65a], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc, , [7cc65b344a4033034c5811fa2bd9c23e], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc.1, , [0d35424d305a82b49311ff0c28dc8b75], 
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, , [3f032f60ef9b191dbbae8ef88b79cf31], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, , [0d35b3dc2565c3739dce8867b94a14ec], 
PUP.Optional.OKitSpace.A, HKLM\SOFTWARE\CLASSES\APPID\OKitSpace.DLL, , [330f404f4248a6905c6dbc5f28dcda26], 
PUP.Optional.VNMToolbar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dghncoeocefmhkhiphdgikkamjeglbfh, , [64de8e014a40ee48723f1fdae122d927], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, , [e75bb5da444646f02a7ec744c83c946c], 
PUP.Optional.CertifiedTB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fnjancchhkabckonnimkjhcjhnaopfob, , [ff43800f6129c76f8405a0587291f40c], 
PUP.Optional.OKitSpace.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hifnddafpdkmjljallgdlkjiiieidmec, , [ba884c431d6d54e2bc0ede3dd52fe31d], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BHNJJBCNBMJMHGPLIAHLAMECMBEJPAOL, , [e45e3d52f49682b44113438851b2c63a], 
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\INDUSTRIYA\privitize, , [9ca6a2eda2e861d5ced79c6f19eb8d73], 
PUP.Optional.AppsUpdater.A, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\AppsUpdater, , [0d35c6c9f793e94d44f2351c768fe020], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ADVANCEDOPTIONS\TBH, , [66dc69266c1e9e98dcf93b5b8183df21], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [271b7e1196f41422fe371db825de48b8], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [e1615e317f0b73c389ab20b549baea16], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [6ed4dcb3f8923303cd357370ec17837d], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [2b170e81b1d9d75fc969c60fb35021df], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, , [86bc4e416426e155457e6494fe0538c8], 
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, , [3f03abe4dbafb185d1f2ca4d659f8878], 
PUP.Optional.BorderlineRunner.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\6b57ae94, , [5de52a652d5d9c9ab60030a0778c16ea], 
PUP.Optional.TNT.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\TNT2, , [93af97f8bad0f343ad393f9763a014ec], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BHNJJBCNBMJMHGPLIAHLAMECMBEJPAOL, , [d46eaee15b2f04320e47deedf3109a66], 
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\INDUSTRIYA\privitize, , [94ae246b5b2f46f0aff77c8fe81cf60a], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [39098e01276395a169c277a3659fba46], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\INSTALLCORE, , [39091e718bffa492de1754dbd2331ee2], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [9ea4fb94395176c0b21a745d22e145bb], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [de64b1de87032511f6d712bf8f74bb45], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [3c06701f1e6cc373834bd9f813f07e82], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [f44ec2cd3b4f77bf6f383f22ea1bff01], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [c77ba1eeb5d5ae88bf1025ac2fd422de], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [1d254c4385059c9a7e52d00127dc2ad6], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [ce743a556d1dd95d52e1f2e3a2613cc4], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\SYSTWEAK\ssd, , [3d0593fca3e7ab8b8d35fbfd986b1de3], 
Trojan.Agent, HKU\S-1-5-21-507921405-1844823847-725345543-500_Classes\thunder, , [60e2107f147689ad26437214749047b9], 
PUP.Optional.FunData.A, HKLM\SOFTWARE\CLASSES\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}, , [ad952f60a1e9b6804bc46555887bcf31], 
 
Registry Values: 13
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{B580CF65-E151-49C3-B73F-70B13FCA8E86}, eè?o?¤??′|I?p?è??, , [dc66cfc0b4d6270ffd97a8cfd033d32d]
Trojan.Cinmus, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, , [61e13b541d6dd363286c1e59887bb54b], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}, , [73cfc8c7404a0a2c2d31fb777a89e21e], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}, , [73cfc8c7404a0a2c2d31fb777a89e21e], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{A57E074F-56D8-4A33-8112-AAC9693AA909}, , [c37f8b04dcae1323f133cca6bd467f81], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{A57E074F-56D8-4A33-8112-AAC9693AA909}, , [c37f8b04dcae1323f133cca6bd467f81], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{669751ED-D558-49AE-B01A-3B374CC7910E}, , [dc660a85cbbf290d7b6c5819f50e738d], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{669751ED-D558-49AE-B01A-3B374CC7910E}, , [dc660a85cbbf290d7b6c5819f50e738d], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhnjjbcnbmjmhgpliahlamecmbejpaol|path, C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx, , [e45e3d52f49682b44113438851b2c63a]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1362147803265&tguid=41460-2938-1362147624687-99061&q=%s, , [4cf6c2cd45458fa728273dbfcd36e917]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhnjjbcnbmjmhgpliahlamecmbejpaol|path, C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx, , [d46eaee15b2f04320e47deedf3109a66]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, , [39091e718bffa492de1754dbd2331ee2]
PUP.Optional.FunData.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}, FunSeed extension, , [ad952f60a1e9b6804bc46555887bcf31]
 
Registry Data: 12
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX),,[54ee78173d4d171f817942c2df277987]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[3909b5da028853e341b9af55fe08c33d]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[e959533cc2c8ce687981b45053b37a86]
PUP.Optional.GboxApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),,[a39f0689a2e80c2a99778b7b9c6acf31]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[52f0f798bbcf072f6795897bb452c739]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[6fd3c6c92169cd691ddf18ece02616ea]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[083af19ed8b231051bc311fa2cdaa65a]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[2b176d22e7a30b2b926946be699dbf41]
PUP.Optional.GboxApp.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),,[043ef6993951d1651df44bbb52b4b24e]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX),,[df63127dbcce84b2c73462a233d317e9]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}),,[c37f1e71f298f73f5aa1857f95717f81]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1362147803265&tguid=41460-2938-1362147624687-99061&q=%s, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1362147803265&tguid=41460-2938-1362147624687-99061&q=%s),,[86bc8f0095f5c96d86ff888903034eb2]
 
Folders: 40
PUP.Optional.SweetIM.C, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}, , [43ff9ef1137764d250dec0100bf8be42], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org\content, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com\content, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu\content, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.DigiCoupon.A, C:\Program Files\DigiCoupoN, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.NetCoupon.A, C:\Program Files\NNetOCouupooN, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale, , [2220800f622874c2e3378ed2be4750b0], 
PUP.Optional.iSaver.A, C:\Program Files\Isaverr, , [66dc612eb2d838fe208cb7a945c0867a], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\Application Data\OpenCandy, , [93af4d423d4d989e1d9e7f19a95a926e], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\Application Data\OpenCandy\8416642EFF6744D7A849791F5AFEC346, , [93af4d423d4d989e1d9e7f19a95a926e], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\Application Data\OpenCandy\8BC57F4C1B6A4D6BA4FB05A81FE18923, , [93af4d423d4d989e1d9e7f19a95a926e], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Chrome, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox\chrome, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox\chrome\content, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox\chrome\content\icons, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox\chrome\skin, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\IE, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect\files, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect\updateSrv, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.NextLive.A, C:\Documents and Settings\Administrator\Application Data\newnext.me, , [1b2798f76624d85e5dde603ae122fb05], 
PUP.Optional.NextLive.A, C:\Documents and Settings\Administrator\Application Data\newnext.me\cache, , [1b2798f76624d85e5dde603ae122fb05], 
PUP.Optional.SimilarSites.A, C:\Documents and Settings\Administrator\Application Data\SimilarSites, , [78ca6d22c7c3d3630881c5dafe05a65a], 
PUP.Optional.AdBlockerManger.A, C:\Documents and Settings\All Users\Application Data\AdBlocker Manger, , [0f33bdd2fe8c191dc4a2fabd699a47b9], 
PUP.Optional.UniDeals.A, C:\Program Files\UniDeals, , [f15196f9a9e11a1c86eb7445d62dee12], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\tag, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\update, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.TakeTheCoupon.A, C:\Program Files\TakeTHeCoupon, , [e06237583456f93d1a514775ae55a45c], 
PUP.Optional.FunAcce.A, C:\Documents and Settings\All Users\Application Data\FunAcce, , [d270f699751554e28b793885907303fd], 
PUP.Optional.FunAcce.A, C:\Documents and Settings\All Users\Application Data\FunAcce\tag, , [d270f699751554e28b793885907303fd], 
PUP.Optional.BlockTheAds.A, C:\Documents and Settings\All Users\Application Data\Block The Ads, , [53efaae5aae0bc7af47448785ba8dd23], 
PUP.Optional.Softonic.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Softonic-Eng7, , [172bd5bab2d8023411089a2956adfa06], 
PUP.Optional.Softonic.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\Softonic-Eng7\Logs, , [172bd5bab2d8023411089a2956adfa06], 
 
Files: 130
PUP.Optional.SProtector, C:\Program Files\BorderlineRunner\BorderlineRunner.dll, , [fe44f798bfcb86b022f6979e946e5ca4], 
PUP.Optional.Funshion, C:\Program Files\QvodPlayer\AddIn\{1D8161E5-DAAA-3887-2E19-1B46CE4D0528}\QvodAddr.dll, , [7bc7781792f84ee88e5f5c0745bee51b], 
PUP.Optional.Funshion, C:\Program Files\QvodPlayer\AddIn\{1D8161E5-DAAA-3887-2E19-1B46CE4D0528}\ASBarBroker.exe, , [e260fe91aae0e056f4f8d3907b88f20e], 
PUP.Funshion, C:\Documents and Settings\Administrator\Application Data\FunUninstall\uninstall.exe, , [12300b842268a78f48f1b6eaef11f60a], 
PUP.Optional.MultiPlug.Uns, C:\Documents and Settings\All Users\Application Data\AdBlocker Manger\AdBlocker Manger.exe, , [74ce157a573370c622326bd823e08080], 
PUP.Optional.MultiPlug.Uns, C:\Documents and Settings\All Users\Application Data\Block The Ads\Block The Ads.exe, , [10320b8467235bdbcb892f148e757789], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\drikold.zip, , [1a28eba45f2b5ed8b089128ef30d817f], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\JadeHe.dll, , [cd753a550981e452c6738e12cf311ee2], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\Raptor.dll, , [1b27830c3c4e3501a2975b45e917f10f], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\gma.dll, , [41014f402b5f4bebe2573868c63acd33], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\Turkey.dll, , [0240256aed9dda5cb386297718e842be], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\Uninstall.exe, , [1d257c13c8c25ed80237d3cd2dd36898], 
PUP.Funshion, C:\Documents and Settings\All Users\Application Data\Fundata\Zhongshan.dll, , [c1810f80addd0d294ced772907f905fb], 
PUP.Optional.Multiplug.A, C:\Program Files\NNetOCouupooN\GLTi6XR8BqB9iW.dll, , [67db8807c5c5c274f7f9be8f49b94db3], 
PUP.Optional.Multiplug.A, C:\Program Files\Isaverr\FiDge0kR6eLR9j.dll, , [54ee721d4a401e181bd59ab38d75ed13], 
Trojan.Agent.CK, C:\Program Files\TNod User & Password Finder\TNODUP.exe, , [3111890695f550e6cc38c85b30d6a15f], 
Trojan.Agent.CK, C:\Program Files\TNod User & Password Finder\uninst-tnod.exe, , [93af8c03781255e1ed17f72cdd298c74], 
PUP.Optional.Multiplug.A, C:\Program Files\UnIDealsee\UnIDealsee.exe, , [b48e642b1674e2547a8c280bb74bac54], 
PUP.Optional.Multiplug.A, C:\Program Files\Music Maker\Music Maker.exe, , [7bc79bf4b5d56acc6b9b8aa9ca38c63a], 
PUP.Optional.MultiPlug.A, C:\Program Files\DigiCoupoN\XU26HMPhJNeYOq.dll, , [172b29668307fb3bbf25ce75fe0402fe], 
PUP.BitcoinMiner, C:\Program Files\VLC Player GPU+\namecoin-dns.exe, , [9fa3840be0aa0135cac3c569827fc040], 
PUP.BitcoinMiner, C:\Program Files\VLC Player GPU+\coinutil.dll, , [cb77058aa2e8ca6ce97bc567de2336ca], 
PUP.BitCoinMiner, C:\Program Files\VLC Player GPU+\miner.dll, , [b68cabe46f1bf046e1d320d6936da45c], 
PUP.BitCoinMiner, C:\Program Files\VLC Player GPU+\usft_ext.dll, , [0c36602ffe8cda5cf5270d101ee32fd1], 
PUP.Optional.SweetIM, C:\WINDOWS\Installer\e131cf.msi, , [1230eea11179cf677ec8201745c1837d], 
PUP.Optional.SweetIM.C, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx, , [43ff9ef1137764d250dec0100bf8be42], 
PUP.Optional.SweetIM.C, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx, , [43ff9ef1137764d250dec0100bf8be42], 
PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\searchplugins\brothersoft-extreme3-customized-web-search.xml, , [2e149ff01b6fc571e08da43abe45eb15], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi, , [f84a99f6f496a393607ebb2aa55e0ef2], 
Trojan.Agent, C:\WINDOWS\system32\Scrax.dll, , [c47ea2edd8b246f059daf379996b19e7], 
Trojan.Agent, C:\WINDOWS\system32\SSup.dll, , [043ecbc496f4f2449e5c93d9cf356f91], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org\content\bg.js, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org\bootstrap.js, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org\chrome.manifest, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\c0fi@s.org\install.rdf, , [00424d42cbbfb5817f566fefa362f10f], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com\content\bg.js, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com\bootstrap.js, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com\chrome.manifest, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\fDb@s.com\install.rdf, , [bf838e01adddc274b322f6686a9b30d0], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu\content\bg.js, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu\bootstrap.js, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu\chrome.manifest, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.MultiPlug.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\kC@LT.edu\install.rdf, , [e55dc1cebfcbc47207ce9ec036cfbe42], 
PUP.Optional.DigiCoupon.A, C:\Program Files\DigiCoupoN\XU26HMPhJNeYOq.tlb, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.DigiCoupon.A, C:\Program Files\DigiCoupoN\XU26HMPhJNeYOq.dat, , [e9595a355b2f79bd65edd28dd5300ff1], 
PUP.Optional.NetCoupon.A, C:\Program Files\NNetOCouupooN\GLTi6XR8BqB9iW.tlb, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.NetCoupon.A, C:\Program Files\NNetOCouupooN\GLTi6XR8BqB9iW.dat, , [f0527c131a7052e41956f36cd72e38c8], 
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale\lsdb.js, , [2220800f622874c2e3378ed2be4750b0], 
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale\background.html, , [2220800f622874c2e3378ed2be4750b0], 
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale\content.js, , [2220800f622874c2e3378ed2be4750b0], 
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale\z3ZG.js, , [2220800f622874c2e3378ed2be4750b0], 
PUP.Optional.iSaver.A, C:\Program Files\Isaverr\FiDge0kR6eLR9j.tlb, , [66dc612eb2d838fe208cb7a945c0867a], 
PUP.Optional.iSaver.A, C:\Program Files\Isaverr\FiDge0kR6eLR9j.dat, , [66dc612eb2d838fe208cb7a945c0867a], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\Application Data\OpenCandy\8416642EFF6744D7A849791F5AFEC346\Trial-14.0.1000.88_en-US_1004739_ROW-EN.exe, , [93af4d423d4d989e1d9e7f19a95a926e], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\Application Data\OpenCandy\8BC57F4C1B6A4D6BA4FB05A81FE18923\chrometest3.html, , [93af4d423d4d989e1d9e7f19a95a926e], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\uninstallkit.exe, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\Firefox\chrome.manifest, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect\Interop.Shell32.dll, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect\sqlite3.exe, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.OKitSpace.A, C:\Documents and Settings\Administrator\Application Data\okitspace\protect\utilsDll.dll, , [69d9622de4a681b521093663e023936d], 
PUP.Optional.NextLive.A, C:\Documents and Settings\Administrator\Application Data\newnext.me\nengine.dll, , [1b2798f76624d85e5dde603ae122fb05], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\000005.ldb, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\000104.log, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\CURRENT, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\LOCK, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\LOG, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\LOG.old, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.ShoppingSuggestion.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll\MANIFEST-000103, , [f44e395699f1c96d0b7df5c422e1ec14], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunKoala.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Hades.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\sFighter.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\ad.log, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\AptRelay.exe, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\baychimo.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Baychimo_UvFreqFilter.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\blacklist.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\bot.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\ChaDaoCheng.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Donovan.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Fireman.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Firemanii.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Foam.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Foamiii.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Friesian.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FsMovie.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunDodge.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunGecko.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunHippopotamus.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunHunter.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Hippopotamus.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Hunter.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\LuaConfig.txt, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Midnightii.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\MogulKahn.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\NailCmd.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Railway.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\rili_update.xml, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\scd.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\SeedIcon.ico, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunKoala64.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunKoalaSon.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunKoalaSon64.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunMidnight.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunNail.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunNail.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunPioneer.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunRelay.exe, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunSeed64.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunWorks.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\funworks.zip, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\FunWorks64.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Giraffe.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\sFunWorks.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Sika.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\sNail.lua, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Sniper.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\ssdodge.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\stg.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\sua.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\Titanic.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\touch.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\ua_save.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\vvsch.daw, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\WangJingSi.dll, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunData.A, C:\Documents and Settings\All Users\Application Data\Fundata\update\10e4a1d2132ccb5c6759f038cdb6f3DD.exe, , [ad952f60a1e9b6804bc46555887bcf31], 
PUP.Optional.FunAcce.A, C:\Documents and Settings\All Users\Application Data\FunAcce\config.ini, , [d270f699751554e28b793885907303fd], 
PUP.Optional.GboxApp.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");), ,[73cf4c432b5fa98dc4d01f30d1351ee2]
PUP.Optional.MyStartSearch.A, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\search.json, Good: (), Bad: (mystartsearch), ,[b88a038cdab0241211a2d17c16f0837d]
PUP.Optional.MyStartSearch.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: (   "homepage": "http://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX",), ,[dc66444b7614ae881324d17d9e68a55b]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
3) Here's the AdwCleaner log after I cleaned the found objects:
 
# AdwCleaner v4.203 - Logfile created 04/05/2015 at 15:45:27
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - ACER-93D8638D0A
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : bd0001
[#] Service Deleted : bd0002
[#] Service Deleted : bd0004
[#] Service Deleted : BDMWrench
Service Deleted : BDSGRTP
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\baidu
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Block The Ads
Folder Deleted : C:\Documents and Settings\All Users\Application Data\KingSoft
Folder Deleted : C:\Documents and Settings\All Users\Application Data\3d3d7eac0000518f
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{167b9347-ca21-57cb-167b-b9347ca24d1f}
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\TakeTheCoupon
Folder Deleted : C:\Program Files\KingSoft
Folder Deleted : C:\Program Files\AllCHeapPraICE
Folder Deleted : C:\Program Files\AllSavveer
Folder Deleted : C:\Program Files\CuoupExteinsion
Folder Deleted : C:\Program Files\DigiCoupoN
Folder Deleted : C:\Program Files\Happy2Seaave
Folder Deleted : C:\Program Files\Isaverr
Folder Deleted : C:\Program Files\IussavEr
Folder Deleted : C:\Program Files\NNetOCouupooN
Folder Deleted : C:\Program Files\RegulaRiDeuAls
Folder Deleted : C:\Program Files\UniDeals
Folder Deleted : C:\Program Files\UnIDealsee
Folder Deleted : C:\Program Files\youtubeadblocker
[!] Folder Deleted : C:\Program Files\Common Files\baidu
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Get LLC
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\baidu
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DownLite
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\HoolappforAndroid
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\newnext.me
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\okitspace
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SimilarSites
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Uniblue
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\KingSoft
[!] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
[!] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\c0fi@s.org
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\fDb@s.com
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\kC@LT.edu
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ejbpjlaagejfakeobljhgplbgklgemll
File Deleted : C:\WINDOWS\system32\drivers\bd0001.sys
File Deleted : C:\Documents and Settings\Administrator\daemonprocess.txt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\mystartsearch.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Go for FilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [OKitSpace@OKitSpace.es]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hifnddafpdkmjljallgdlkjiiieidmec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\OKitSpace.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\CLASSES\OKitSpace
Key Deleted : HKLM\SOFTWARE\CLASSES\OKitSpace.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\0f38d34f-b1fa-8ed6-2d2a-9d61235044b0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6b57ae94}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{90A52F08-64AC-4DC6-9D7D-4516670275D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E8ED77-2FBA-4EC6-BC07-65DE4DE6709F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\DownLite
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\OKitSpace
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
Key Deleted : HKU\.DEFAULT\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DownLite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\zgametb
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - local;127.0.0.1:9421;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
[ymvikiiu.default\prefs.js] - Line Deleted : user_pref("CertifiedToolbar_2938.global.CurrentSearchEngineSelection", "US: United States of America");
[ymvikiiu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "mystartsearch");
[ymvikiiu.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");
[ymvikiiu.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/");
[ymvikiiu.default\prefs.js] - Line Deleted : user_pref("extensions.2bjuXjps0U2lv9ov.url", "hxxp://liversions.info/sync2/?q=hfZ9oeDOh7OMCyVUojr9qjYMg708BNmGWj8qeihGheDUojw8rdrGrTa7qdn8rGhIC7n0rjkErHs6rdg9pjr6tNhVCT94tMVKhd97rTwHrdU4rjwGrjYEqTCEpj[...]
 
-\\ Google Chrome v
 
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX&q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hifnddafpdkmjljallgdlkjiiieidmec
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : zzzzzzzzzzzzzzzzoibponkmmpgpmjgl
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=1426432886&from=wpc&uid=HitachiXHDP725016GLA380_GEK834RHR0GZTAR0GZTAX
 
*************************
 
AdwCleaner[R1].txt - [16636 bytes] - [04/05/2015 15:41:16]
AdwCleaner[R2].txt - [16696 bytes] - [04/05/2015 15:44:31]
AdwCleaner[S1].txt - [15912 bytes] - [04/05/2015 15:45:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15972  bytes] ##########
 
AdwCleaner needed the computer to restart after cleaning, and when the computer restarted, those ESET messages popped up again.
 
4) Here's Farbar's log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Administrator (administrator) on ACER-93D8638D0A on 04-05-2015 16:16:41
Running from C:\Documents and Settings\Administrator\Desktop\FRST
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(百度在线网络技术(北京)有限公司) C:\Program Files\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(深圳市迅雷网络技术有限公司) C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.253_1111\ThunderPlatform.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [986112 2007-01-01] ()
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {966b75aa-d960-11de-b227-d2fd2fd62382} - 1utbfd.bat
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {966b75ab-d960-11de-b227-d2fd2fd62382} - 1utbfd.bat
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {fa46911f-21a3-11df-9683-002185ce05db} - smserv.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Documents and Settings\All Users\Application Data\Fundata\Lucifer.dll [2015-04-17] (Funshion)
ShellIconOverlayIdentifiers: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Documents and Settings\Administrator\Local Settings\Application Data\Giraffe\FunSambar.dll [2014-12-24] (Funshion)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-507921405-1844823847-725345543-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://newtab.certified-toolbar.com/nie?si=41460&tid=2938&st=newtab&ts=1362147803265&tguid=41460-2938-1362147624687-99061" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {273C87CD-E683-43A2-A17F-4FC0E0835663} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {6579C26A-D848-4758-B066-A56CEB8D4957} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {CB3BCDF3-99B8-4A8E-BAF3-98C0616643B8} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {DAA0F4D3-FD32-4508-B205-5F6A787F0089} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C117A2E5-EFBF-4A3A-A3A5-128E43E2F584}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default
FF DefaultSearchEngine,S: 
FF DefaultSearchUrl: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "Localhost, 127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> D:\Downloads\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-10-09] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files\QvodPlayer\npShareModule.dll [2014-06-24] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-02-11] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-12-01] (Thunder Networking Technologies,LTD)
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-12-01] ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @ahnlab.com/asp/npmkd25aos -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll [2009-02-19] (AhnLab, Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @leeuu.com/npgboxruner;version= -> C:\Documents and Settings\Administrator\Application Data\gbox\npgboxruner.dll No File
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-10-09] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-12-01] (Thunder Networking Technologies,LTD)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-12-01] ( )
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-05-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\searchplugins\brothersoft-extreme3-customized-web-search.xml [2012-12-13]
FF Extension: Thunder Extension - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2014-12-01]
FF Extension: KFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16} [2011-03-16]
FF Extension: VFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17} [2011-06-10]
FF Extension: VFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18} [2011-11-04]
FF Extension: NewTabURL - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\newtaburl@sogame.cat.xpi [2012-06-13]
FF Extension: Usage Stat - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}.xpi [2012-06-30]
FF Extension: VFT Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}.xpi [2012-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2013-10-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-17]
FF Extension: flashget3 Extension - C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-04-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-04-24]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files\Industriya\privitize\1.8.21.6\privitize.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [filpbdedhmadigpgnibdjfaiolfjgepb] - C:\Documents and Settings\All Users\Application Data\wxDownload\filpbdedhmadigpgnibdjfaiolfjgepb.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fnjancchhkabckonnimkjhcjhnaopfob] - C:\Program Files\CertifiedToolbar\chrome\CertifiedToolbar.crx [Not Found]
CHR HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [Not Found]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6b57ae94; c:\Program Files\BorderlineRunner\BorderlineRunner.dll [1647104 2015-04-27] () [File not signed]
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BDSGRTP; C:\Program Files\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (百度在线网络技术(北京)有限公司)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-07] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
S2 SkypeUpdate; D:\Downloads\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [177608 2014-12-01] (ShenZhen Xunlei Networking Technologies,LTD)
S2 eweoivgjr; C:\WINDOWS\system32\kiqhdb.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 apf001; C:\WINDOWS\system32\apf001.sys [13232 2012-01-05] () [File not signed]
S3 apf003; C:\WINDOWS\system32\apf003.sys [13232 2012-02-16] () [File not signed]
R1 bd0001; C:\WINDOWS\System32\DRIVERS\bd0001.sys [70984 2013-12-10] (Baidu)
R1 bd0004; C:\WINDOWS\System32\DRIVERS\bd0004.sys [183112 2013-12-10] (Baidu)
R1 BDMWrench; C:\WINDOWS\System32\DRIVERS\BDMWrench.sys [229712 2014-12-06] (Baidu)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 csctl50; C:\WINDOWS\System32\drivers\csctl50.sys [30224 2000-03-21] () [File not signed]
R3 DroidCam; C:\WINDOWS\System32\DRIVERS\droidcam.sys [28600 2015-03-30] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DRIVERS\droidcamvideo.sys [224440 2015-03-30] (Dev47Apps)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-06] (Disc Soft Ltd)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2006-03-01] (Microsoft Corporation)
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2014-07-06] (Sony Mobile Communications)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 kinonivd; C:\WINDOWS\System32\DRIVERS\kinonivd.sys [2782080 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 KINONI_Wave; C:\WINDOWS\System32\drivers\kinonivad.sys [18432 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [48280 2014-12-15] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [30488 2014-12-15] (Visicom Media Inc.)
S3 Mkd2kfNt; C:\WINDOWS\System32\drivers\Mkd2kfNt.sys [133632 2009-10-13] (AhnLab, Inc.) [File not signed]
S3 Mkd2Nadr; C:\WINDOWS\System32\drivers\Mkd2Nadr.sys [79360 2009-07-13] (AhnLab, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [459520 2008-01-15] (Ralink Technology, Corp.) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KKH12D.tmp [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 XDva404; \??\C:\WINDOWS\system32\XDva404.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: eweoivgjr -> C:\WINDOWS\system32\kiqhdb.dll ==> No File.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 16:02 - 2015-05-04 16:17 - 00000000 ____D () C:\FRST
2015-05-04 15:54 - 2015-05-04 16:01 - 00016119 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S1].txt
2015-05-04 15:49 - 2015-05-04 16:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Baidu
2015-05-04 15:49 - 2015-05-04 15:49 - 03577048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-04 15:41 - 2015-05-04 15:47 - 00000000 ____D () C:\AdwCleaner
2015-05-04 15:31 - 2015-05-04 15:31 - 00051280 _____ () C:\Documents and Settings\Administrator\Desktop\MBAB.txt
2015-05-04 14:45 - 2015-05-04 16:08 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 14:43 - 2015-05-04 14:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 14:43 - 2015-05-04 14:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 14:43 - 2015-05-04 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 14:43 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-04 14:43 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-04 14:41 - 2015-05-04 15:38 - 00072423 _____ () C:\Documents and Settings\Administrator\Desktop\forum.txt
2015-05-04 11:46 - 2015-05-04 11:46 - 00000762 _____ () C:\Documents and Settings\Administrator\Desktop\dododo.txt
2015-05-04 11:27 - 2015-05-04 16:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\FRST
2015-05-04 10:21 - 2015-05-04 10:21 - 00000062 _____ () C:\Documents and Settings\Administrator\Desktop\ads.txt
2015-05-04 10:12 - 2015-05-04 10:12 - 00020083 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2015-05-04 10:12 - 2015-05-04 10:12 - 00018017 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2015-05-03 23:03 - 2015-05-03 23:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Skype
2015-05-03 23:02 - 2015-05-03 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Skype
2015-05-03 22:25 - 2015-05-03 22:26 - 00852630 _____ () C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2015-05-03 22:15 - 2015-05-03 22:18 - 02204160 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.203.exe
2015-05-03 22:08 - 2015-05-03 22:14 - 21546080 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-03 21:52 - 2015-05-03 21:52 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2015-04-30 11:52 - 2015-04-30 11:52 - 00000000 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp
2015-04-28 17:21 - 2015-05-03 21:39 - 00000000 ____D () C:\Program Files\Secure Downloader
2015-04-27 19:47 - 2015-05-04 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AdBlocker Manger
2015-04-27 19:27 - 2015-04-27 19:27 - 00000000 ____D () C:\Program Files\BorderlineRunner
2015-04-16 14:55 - 2015-04-16 15:16 - 00000105 _____ () C:\Documents and Settings\Administrator\Desktop\bugged.txt
2015-04-16 11:05 - 2015-04-16 11:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2015-04-11 13:56 - 2015-04-19 12:07 - 00000000 ____D () C:\Program Files\Deezer Mediakeys Reloaded
2015-04-04 14:20 - 2015-04-08 19:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\ManyCam
2015-04-04 14:20 - 2015-04-08 19:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\ManyCam
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 16:17 - 2009-11-16 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-04 16:06 - 2014-04-23 00:11 - 01973836 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-04 16:01 - 2012-07-06 13:18 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1844823847-725345543-500UA.job
2015-05-04 16:01 - 2012-07-06 13:18 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1844823847-725345543-500Core.job
2015-05-04 16:00 - 2013-06-12 22:45 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job
2015-05-04 15:53 - 2006-03-01 04:00 - 00000962 _____ () C:\WINDOWS\win.ini
2015-05-04 15:52 - 2009-11-25 10:04 - 00000000 ____D () C:\Documents and Settings\Administrator\.rainlendar2
2015-05-04 15:50 - 2014-04-23 00:13 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-04 15:50 - 2006-03-01 04:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-04 15:49 - 2014-09-13 13:11 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\Fundata
2015-05-04 15:49 - 2014-04-23 00:13 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-04 15:49 - 2014-04-12 10:09 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-04 15:49 - 2013-06-12 22:45 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job
2015-05-04 15:49 - 2010-02-08 15:53 - 00000526 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 15:49 - 2009-11-16 18:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-04 15:48 - 2014-04-23 00:12 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-04 15:48 - 2009-11-16 18:29 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-04 15:47 - 2009-11-16 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-04 15:42 - 2015-03-15 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale
2015-05-04 15:42 - 2014-09-14 10:13 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\FunAcce
2015-05-04 15:42 - 2013-11-14 18:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2015-05-04 15:40 - 2010-02-08 15:53 - 00000530 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 14:43 - 2013-12-23 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-05-04 10:21 - 2014-12-24 23:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Giraffe
2015-05-02 21:26 - 2015-03-20 18:20 - 00000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2015-04-28 17:21 - 2015-03-15 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\13404121775165886377
2015-04-27 23:12 - 2013-09-24 18:53 - 00000000 ____D () C:\Program Files\QvodPlayer
2015-04-16 15:23 - 2013-06-04 20:36 - 00000954 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2015-04-16 11:21 - 2014-04-12 11:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 10:43 - 2010-04-14 22:51 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-08 19:26 - 2015-03-17 22:40 - 00000000 ____D () C:\Program Files\ManyCam
2015-04-08 18:21 - 2009-11-26 06:53 - 00163328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-08 18:21 - 2009-11-26 06:53 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
 
==================== Files in the root of some directories =======
 
2015-02-26 01:48 - 2015-02-26 11:12 - 2097152000 _____ () C:\Program Files\GarenaHoN_3060303.1.dat
2015-02-26 01:48 - 2015-02-26 11:12 - 1230688542 _____ () C:\Program Files\GarenaHoN_3060303.2.dat
2015-02-26 02:47 - 2015-02-26 03:09 - 0128552 _____ () C:\Program Files\GarenaHoN_3060303.exe
2013-02-15 22:29 - 2008-03-09 07:25 - 0000236 _____ () C:\Program Files\Common Files\dx.reg
2013-02-15 22:29 - 2013-02-15 22:30 - 0002541 _____ () C:\Program Files\Common Files\unins000.dat
2013-02-15 22:29 - 2013-02-15 22:29 - 0728858 _____ () C:\Program Files\Common Files\unins000.exe
2012-06-26 15:32 - 2012-06-26 15:32 - 0002508 ____C () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2015-03-20 18:20 - 2015-05-02 21:26 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2013-06-04 20:36 - 2015-04-16 15:23 - 0000954 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2011-12-19 13:28 - 2011-12-19 13:28 - 0051186 ____C () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2009-11-26 06:53 - 2015-04-08 18:21 - 0163328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-01 17:35 - 2013-04-01 17:35 - 0026900 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Addition log is in attachment.
 
 
 
#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 PM

Posted 09 May 2015 - 03:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575198 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hwa93

hwa93
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male

Posted 10 May 2015 - 03:26 AM

Hello! I still need help, please.
 
Description: 
 
Every time I start up my desktop, I keep getting messages from ESET:
 
Potential threat found
Object: Operating memory - rundll32.exe (1892)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
After I clean it or delete it, it comes back again when I start up my desktop the next time. Also, the number in brackets after rundll32.exe changes, for example:
 
Potential threat found
Object: Operating memory - rundll32.exe (1920)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
It has been more than a month that I keep getting these messages from ESET.
 
 
Additionally, I keep getting random ads while I browse with the Google Chrome browser:
 
Sometimes I get ads such as http://my.myroyalewin.com/user_rw/english/u_livecasino?up=ad11 and "2015 Annual Visitor Survey" and other random ads. Sometimes, when my Google Chrome browser has just loaded any page, after a few seconds the page automatically changes to the ads site. By the time the ad is completely loaded, I cannot click the back button to go back to my previous page, as the back button is no longer highlighted.
 
Among the ads are audio ads randomly playing in the background of my Google Chrome browser. There are no specific names for the audio ads, and these audio ads always appear whenever I am browsing items on an online shopping site ( www.lazada.com.my ).
When I close the tab or click the back button on the page with audio ads, a message appears asking me to leave the page or stay on the page.
 
One of the messages I get after closing the tab or clicking the back button on the page with audio ads is:
 
******************************************
WAIT BEFORE YOU GO!
CLICK THE *CANCEL* BUTTON RIGHT NOW
TO STAY ON THE CURRENT PAGE.
I HAVE SOETHING VERY SPECIAL FOR YOU!
******************************************
Are you Sure you want to leave this page?
Option1:Levae this Page     Option2:Stay on this Page
 
I always click "Option1: Leave this page", but the audio ads and message still appear every time.
 
 
It might be the ads that cause the messages from ESET to appear.
I have run the Farbar Recovery Scan Tool.
I do not have my original Windows CD/DVD.
 
 
Here's the new FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Administrator (administrator) on ACER-93D8638D0A on 10-05-2015 15:55:00
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(百度在线网络技术(北京)有限公司) C:\Program Files\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(深圳市迅雷网络技术有限公司) C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.253_1111\ThunderPlatform.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [986112 2007-01-01] ()
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {966b75aa-d960-11de-b227-d2fd2fd62382} - 1utbfd.bat
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {966b75ab-d960-11de-b227-d2fd2fd62382} - 1utbfd.bat
HKU\S-1-5-21-507921405-1844823847-725345543-500\...\MountPoints2: {fa46911f-21a3-11df-9683-002185ce05db} - smserv.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
ShellIconOverlayIdentifiers: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Documents and Settings\Administrator\Local Settings\Application Data\Giraffe\FunSambar.dll [2014-12-24] (Funshion)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-507921405-1844823847-725345543-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://newtab.certified-toolbar.com/nie?si=41460&tid=2938&st=newtab&ts=1362147803265&tguid=41460-2938-1362147624687-99061" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {273C87CD-E683-43A2-A17F-4FC0E0835663} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {6579C26A-D848-4758-B066-A56CEB8D4957} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {CB3BCDF3-99B8-4A8E-BAF3-98C0616643B8} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> {DAA0F4D3-FD32-4508-B205-5F6A787F0089} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-507921405-1844823847-725345543-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default
FF DefaultSearchEngine,S: 
FF DefaultSearchUrl: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "Localhost, 127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> D:\Downloads\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-10-09] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files\QvodPlayer\npShareModule.dll [2014-06-24] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-02-11] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-12-01] (Thunder Networking Technologies,LTD)
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-12-01] ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @ahnlab.com/asp/npmkd25aos -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll [2009-02-19] (AhnLab, Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @leeuu.com/npgboxruner;version= -> C:\Documents and Settings\Administrator\Application Data\gbox\npgboxruner.dll No File
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll [2014-10-09] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-12-01] (Thunder Networking Technologies,LTD)
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2014-12-01] ( )
FF Plugin HKU\S-1-5-21-507921405-1844823847-725345543-500: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-05-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\searchplugins\brothersoft-extreme3-customized-web-search.xml [2015-05-10]
FF Extension: Thunder Extension - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2014-12-01]
FF Extension: KFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16} [2011-03-16]
FF Extension: VFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17} [2011-06-10]
FF Extension: VFD Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18} [2011-11-04]
FF Extension: NewTabURL - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\newtaburl@sogame.cat.xpi [2012-06-13]
FF Extension: Usage Stat - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}.xpi [2012-06-30]
FF Extension: VFT Flv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\Extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}.xpi [2012-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2013-10-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-17]
FF Extension: flashget3 Extension - C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-04-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-04-24]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymvikiiu.default\extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [BHNJJBCNBMJMHGPLIAHLAMECMBEJPAOL] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files\Industriya\privitize\1.8.21.6\privitize.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [filpbdedhmadigpgnibdjfaiolfjgepb] - C:\Documents and Settings\All Users\Application Data\wxDownload\filpbdedhmadigpgnibdjfaiolfjgepb.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fnjancchhkabckonnimkjhcjhnaopfob] - C:\Program Files\CertifiedToolbar\chrome\CertifiedToolbar.crx [Not Found]
CHR HKU\S-1-5-21-507921405-1844823847-725345543-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [BHNJJBCNBMJMHGPLIAHLAMECMBEJPAOL] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [Not Found]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6b57ae94; c:\Program Files\BorderlineRunner\BorderlineRunner.dll [1647104 2015-05-10] () [File not signed]
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BDSGRTP; C:\Program Files\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (百度在线网络技术(北京)有限公司)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-07] (Oracle Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
S2 SkypeUpdate; D:\Downloads\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [177608 2014-12-01] (ShenZhen Xunlei Networking Technologies,LTD)
S2 eweoivgjr; C:\WINDOWS\system32\kiqhdb.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 apf001; C:\WINDOWS\system32\apf001.sys [13232 2012-01-05] () [File not signed]
S3 apf003; C:\WINDOWS\system32\apf003.sys [13232 2012-02-16] () [File not signed]
R1 bd0001; C:\WINDOWS\System32\DRIVERS\bd0001.sys [70984 2013-12-10] (Baidu)
R1 bd0004; C:\WINDOWS\System32\DRIVERS\bd0004.sys [183112 2013-12-10] (Baidu)
R1 BDMWrench; C:\WINDOWS\System32\DRIVERS\BDMWrench.sys [229712 2014-12-06] (Baidu)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 csctl50; C:\WINDOWS\System32\drivers\csctl50.sys [30224 2000-03-21] () [File not signed]
R3 DroidCam; C:\WINDOWS\System32\DRIVERS\droidcam.sys [28600 2015-03-30] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DRIVERS\droidcamvideo.sys [224440 2015-03-30] (Dev47Apps)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-06-06] (Disc Soft Ltd)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2006-03-01] (Microsoft Corporation)
S3 ggsomc; C:\WINDOWS\System32\DRIVERS\ggsomc.sys [26328 2014-07-06] (Sony Mobile Communications)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 kinonivd; C:\WINDOWS\System32\DRIVERS\kinonivd.sys [2782080 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 KINONI_Wave; C:\WINDOWS\System32\drivers\kinonivad.sys [18432 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [48280 2014-12-15] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [30488 2014-12-15] (Visicom Media Inc.)
S3 Mkd2kfNt; C:\WINDOWS\System32\drivers\Mkd2kfNt.sys [133632 2009-10-13] (AhnLab, Inc.) [File not signed]
S3 Mkd2Nadr; C:\WINDOWS\System32\drivers\Mkd2Nadr.sys [79360 2009-07-13] (AhnLab, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [459520 2008-01-15] (Ralink Technology, Corp.) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KKH12D.tmp [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 XDva404; \??\C:\WINDOWS\system32\XDva404.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: eweoivgjr -> C:\WINDOWS\system32\kiqhdb.dll ==> No File.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 15:52 - 2015-05-10 15:55 - 00026870 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-05-10 15:51 - 2015-05-10 15:51 - 01141248 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-05-10 15:02 - 2015-05-10 15:51 - 00001370 _____ () C:\Documents and Settings\Administrator\Desktop\forum3.txt
2015-05-10 15:02 - 2015-05-10 15:02 - 00001131 _____ () C:\Documents and Settings\Administrator\My Documents\forum3.txt
2015-05-10 11:03 - 2015-05-10 15:54 - 00008158 _____ () C:\WINDOWS\setupapi.log
2015-05-10 10:50 - 2015-05-10 10:50 - 00201240 _____ () C:\WINDOWS\system32\Scrax.dll
2015-05-10 10:50 - 2015-05-10 10:50 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Softonic-Eng7
2015-05-10 10:50 - 2015-05-10 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FunAcce
2015-05-10 10:49 - 2015-05-10 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Fundata
2015-05-10 10:49 - 2015-05-10 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AdBlocker Manger
2015-05-10 10:49 - 2015-05-10 10:49 - 00197656 _____ () C:\WINDOWS\system32\SSup.dll
2015-05-10 10:49 - 2015-05-10 10:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Block The Ads
2015-05-10 10:24 - 2015-05-10 10:25 - 03576088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-10 10:14 - 2015-05-10 12:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\f2
2015-05-09 13:58 - 2015-05-09 13:58 - 00000000 ____D () C:\Program Files\Skype
2015-05-09 13:58 - 2015-05-09 13:58 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-09 13:58 - 2015-05-09 13:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-05-08 22:04 - 2015-05-08 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-06 21:47 - 2015-05-10 13:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\f1
2015-05-04 16:02 - 2015-05-10 15:55 - 00000000 ____D () C:\FRST
2015-05-04 15:49 - 2015-05-04 16:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Baidu
2015-05-04 15:41 - 2015-05-04 15:47 - 00000000 ____D () C:\AdwCleaner
2015-05-04 14:45 - 2015-05-10 12:54 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 14:43 - 2015-05-04 14:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 14:43 - 2015-05-04 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 14:43 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-04 14:43 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-03 23:03 - 2015-05-03 23:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Skype
2015-05-03 23:02 - 2015-05-03 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Skype
2015-05-03 22:15 - 2015-05-03 22:18 - 02204160 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.203.exe
2015-04-30 11:52 - 2015-04-30 11:52 - 00000000 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp
2015-04-28 17:21 - 2015-05-03 21:39 - 00000000 ____D () C:\Program Files\Secure Downloader
2015-04-27 19:27 - 2015-05-10 10:57 - 00000000 ____D () C:\Program Files\BorderlineRunner
2015-04-11 13:56 - 2015-04-19 12:07 - 00000000 ____D () C:\Program Files\Deezer Mediakeys Reloaded
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 15:55 - 2009-11-16 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-10 15:40 - 2010-02-08 15:53 - 00000530 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 15:01 - 2012-07-06 13:18 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1844823847-725345543-500UA.job
2015-05-10 15:00 - 2013-06-12 22:45 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job
2015-05-10 14:29 - 2009-11-25 10:04 - 00000000 ____D () C:\Documents and Settings\Administrator\.rainlendar2
2015-05-10 14:01 - 2014-04-23 00:11 - 01164149 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 13:54 - 2006-03-01 04:00 - 00000962 _____ () C:\WINDOWS\win.ini
2015-05-10 13:51 - 2014-04-23 00:13 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-10 13:51 - 2014-04-23 00:13 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-10 13:51 - 2014-04-12 10:09 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-10 13:51 - 2013-06-12 22:45 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job
2015-05-10 13:51 - 2010-02-08 15:53 - 00000526 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 13:51 - 2009-11-16 18:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 13:51 - 2006-03-01 04:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-10 13:50 - 2014-04-23 00:12 - 00032230 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 13:49 - 2009-11-16 18:29 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-10 13:48 - 2013-11-14 18:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2015-05-10 10:50 - 2015-03-15 23:19 - 00000000 ____D () C:\Program Files\Music Maker
2015-05-10 10:50 - 2015-03-15 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\nhlonmckikknnibdbfcfpnedpmbheale
2015-05-10 10:50 - 2015-03-12 17:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FunUninstall
2015-05-10 10:50 - 2014-04-24 22:04 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2015-05-10 10:50 - 2014-04-11 12:06 - 00000000 ____D () C:\Program Files\VLC Player GPU+
2015-05-10 10:35 - 2014-08-29 21:04 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\p.uni
2015-05-10 10:21 - 2009-11-16 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-10 10:16 - 2014-04-24 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TNod User & Password Finder
2015-05-10 10:16 - 2010-08-27 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kingsoft Office 2010
2015-05-10 10:16 - 2009-12-25 09:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-10 01:04 - 2014-12-24 23:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Giraffe
2015-05-10 00:38 - 2014-07-07 13:30 - 00000000 ___HD () C:\WINDOWS\PIF
2015-05-09 16:01 - 2012-07-06 13:18 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1844823847-725345543-500Core.job
2015-05-09 13:58 - 2009-11-25 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-05-09 12:05 - 2015-03-20 18:20 - 00000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2015-05-08 22:05 - 2014-03-22 19:42 - 00000000 ____D () C:\Program Files\TeamViewer
2015-05-08 15:00 - 2014-04-12 10:09 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-04 14:43 - 2013-12-23 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-28 17:21 - 2015-03-15 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\13404121775165886377
2015-04-27 23:12 - 2013-09-24 18:53 - 00000000 ____D () C:\Program Files\QvodPlayer
2015-04-16 15:23 - 2013-06-04 20:36 - 00000954 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2015-04-16 11:21 - 2014-04-12 11:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 10:43 - 2010-04-14 22:51 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-02-26 01:48 - 2015-02-26 11:12 - 2097152000 _____ () C:\Program Files\GarenaHoN_3060303.1.dat
2015-02-26 01:48 - 2015-02-26 11:12 - 1230688542 _____ () C:\Program Files\GarenaHoN_3060303.2.dat
2015-02-26 02:47 - 2015-02-26 03:09 - 0128552 _____ () C:\Program Files\GarenaHoN_3060303.exe
2013-02-15 22:29 - 2008-03-09 07:25 - 0000236 _____ () C:\Program Files\Common Files\dx.reg
2013-02-15 22:29 - 2013-02-15 22:30 - 0002541 _____ () C:\Program Files\Common Files\unins000.dat
2013-02-15 22:29 - 2013-02-15 22:29 - 0728858 _____ () C:\Program Files\Common Files\unins000.exe
2012-06-26 15:32 - 2012-06-26 15:32 - 0002508 ____C () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2015-03-20 18:20 - 2015-05-09 12:05 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2013-06-04 20:36 - 2015-04-16 15:23 - 0000954 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2011-12-19 13:28 - 2011-12-19 13:28 - 0051186 ____C () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2009-11-26 06:53 - 2015-04-08 18:21 - 0163328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-01 17:35 - 2013-04-01 17:35 - 0026900 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
The Addition log is in the attachment.
 


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:52 PM

Posted 11 May 2015 - 07:35 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press the Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#5 B-boy/StyLe/


Posted 13 May 2015 - 11:45 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.

Thank you for your understanding.


Regards,
Georgi




#6 B-boy/StyLe/


Posted 20 May 2015 - 12:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





