
Infected with TDSS & google keeps redirecting


2 replies to this topic

#1 baki18


Posted 17 May 2015 - 07:37 AM

Do not know how to remove it.

When I search in the browser (Google Chrome), I typed hybrid system definition and this happened: Hybrid system definition??trackid=sp-006

The attached picture explains everything.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Mere Radekedeke (administrator) on ADMIN on 18-05-2015 00:01:31
Running from C:\Users\Mere Radekedeke\Downloads
Loaded Profiles: Mere Radekedeke (Available profiles: Mere Radekedeke)
Platform: Microsoft Windows 8 Pro with Media Center (X86) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\Program Files\Connect Nomad\EVDOListener.exe
(IObit) C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( NewSoftwares.net, Inc.) C:\Windows\System32\WinFLTray.exe
() C:\Program Files\Common Files\EVDODeviceHelper\EVDOServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NewSoftwares.net, Inc.) C:\Windows\System32\WinFLService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Data Backup\DataBackup.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Filipe Lourenço) C:\Program Files\BatteryCare\BatteryCare.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Data Backup\DataBackupSrv.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
() C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_0606535398b4f643\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\ThumbnailExtractionHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2014-02-20] (RealNetworks, Inc.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2048928 2011-11-05] (Zbshareware Lab)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-16] (PC Tools)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [EVDOListener] => C:\Program Files\Connect Nomad\EVDOListener.exe [106496 2010-07-02] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [vmware-tray.exe] => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [112856 2014-06-12] (VMware, Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-16] (Avast Software s.r.o.)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [WinFLTray] => C:\Windows\system32\WinFLTray.exe [313944 2014-02-20] ( NewSoftwares.net, Inc.)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [FLBackup] => C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [296960 2014-02-20] ()
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [NETGATEDataBackup] => C:\Program Files\NETGATE\Data Backup\DataBackup.exe [1771400 2012-09-25] (NETGATE Technologies s.r.o.)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [BatteryCare] => C:\Program Files\BatteryCare\BatteryCare.exe [788992 2015-01-29] (Filipe Lourenço)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [335360 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvrd.exe <===== ATTENTION
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: H - "H:\autorun.exe" 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: {8e62a615-9982-11e3-af9c-98d13c92eca3} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: {92abc503-99bc-11e3-afa4-815f6d655592} - "F:\AutoRun.exe" 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: {92abc578-99bc-11e3-afa4-815f6d655592} - "F:\AutoRun.exe" 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: {fbf2afa7-1b41-11e4-b000-54bef75b18d1} - "G:\autorun.exe" 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\MountPoints2: {fbf2b010-1b41-11e4-b000-54bef75b18d1} - "G:\autorun.exe" 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
IFEO\startmenu8.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s.lnk [2015-05-07]
ShortcutTarget: s.lnk -> C:\Users\Mere Radekedeke\AppData\Roaming\obbmmyedum.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-16] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-115510354-3384020669-2148933896-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-115510354-3384020669-2148933896-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-115510354-3384020669-2148933896-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={69E33B37-9B1C-4269-88B1-FABD24EF1529}&mid=ea1cb2b58fa547d28c180ec224e17260-efa249a1e6706cb4f0e36c81e683a9e1f83c9d78&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-02 13:46:27&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-115510354-3384020669-2148933896-1001 -> {AB2FAAC7-9633-4E4A-8F9A-B33DCE582236} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2014-02-20] (RealPlayer)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-16] (Avast Software s.r.o.)
BHO: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Dragon Branch -> {d640ce67-58e4-43c2-9adc-6bb959d7c606} -> C:\Program Files\Dragon Branch\Extensions\d640ce67-58e4-43c2-9adc-6bb959d7c606.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-21] (Oracle Corporation)
Handler: gopher - No CLSID Value - 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Filter: deflate - No CLSID Value - 
Filter: gzip - No CLSID Value - 
Filter: lzdhtml - No CLSID Value - 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0977AFCA-0BAE-4355-B010-F353CED16B71}: [NameServer] 202.62.120.4 202.62.124.238
 
FireFox:
========
FF ProfilePath: C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "backup.ftp", "172.16.99.3"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "172.16.99.3"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "172.16.99.3"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "172.16.99.5"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "172.16.99.5"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.16.99.5"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "172.16.99.5"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-14] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-21] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2014-02-20] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2014-02-20] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-02-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2014-02-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2014-02-20] (RealNetworks, Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default\Extensions\artur.dubovoy@gmail.com [2015-04-21]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default\Extensions\iobitascsurfingprotection@iobit.com [2015-04-13]
FF Extension: Dragon Branch - C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default\Extensions\{b289be59-5523-46da-882a-bb5d75ca370e}.xpi [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2014-02-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-16]
FF HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files\WordWeb\WCaptureMoz [2014-02-20]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR Profile: C:\Users\Mere Radekedeke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Mere Radekedeke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mere Radekedeke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Mere Radekedeke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-16] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-16] (Avast Software s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-03-06] (Intel Corporation)
R2 EVDO Device Helper; C:\Program Files\Common Files\EVDODeviceHelper\EVDOServiceManager.exe [45056 2010-07-02] () [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-15] ()
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2014-02-20] ()
R2 NGDatBckpSrv; C:\Program Files\NETGATE\Data Backup\DataBackupSrv.exe [365928 2011-08-17] (NETGATE Technologies s.r.o.)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-29] (PC Tools)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [311378 2013-04-23] (IDT, Inc.) [File not signed]
S4 StartMenuService; C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-03-13] (IObit)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1742136 2013-12-18] (TuneUp Software)
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-03-11] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-02] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-16] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-16] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-16] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-05-16] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-16] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-16] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-16] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-16] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-16] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
S3 CT_TCT_U_USBSER; C:\Windows\system32\DRIVERS\CT_TCT_U_USBSER.sys [103552 2009-05-14] (TCT Incorporated)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2015-03-25] (IObit)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-04-13] (REALiX™)
R3 L1C; C:\Windows\system32\DRIVERS\L1C63x86.sys [110792 2013-04-26] (Qualcomm Atheros Co., Ltd.)
R3 MEI; C:\Windows\system32\DRIVERS\TeeDriver.sys [86488 2014-07-08] (Intel Corporation)
R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2014-02-20] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2015-03-25] (IObit.com)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3223256 2015-04-13] (Realtek Semiconductor Corporation                           )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [25560 2012-08-02] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-12-17] (TuneUp Software)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2015-03-25] (IObit.com)
S3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
R2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam.sys [1068216 2012-04-16] (Windows ® Win 7 DDK provider)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [30608 2014-02-20] ()
S3 WinRing0_1_2_0; C:\Program Files\BatteryCare\WinRing0.sys [14416 2014-03-22] (OpenLibSys.org)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [113688 2011-10-27] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [113688 2011-10-27] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\system32\DRIVERS\zghsnmea.sys [113688 2011-10-27] (ZTE Incorporated)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2014-02-20] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 23:56 - 2015-05-18 00:01 - 00045772 _____ () C:\Users\Mere Radekedeke\Downloads\Addition.txt
2015-05-17 23:55 - 2015-05-18 00:01 - 00027795 _____ () C:\Users\Mere Radekedeke\Downloads\FRST.txt
2015-05-17 23:53 - 2015-05-18 00:01 - 00000000 ____D () C:\FRST
2015-05-17 23:50 - 2015-05-17 23:50 - 01146368 _____ (Farbar) C:\Users\Mere Radekedeke\Downloads\FRST.exe
2015-05-17 23:49 - 2015-05-17 23:49 - 01107968 _____ () C:\Users\Mere Radekedeke\Downloads\RSIT.exe
2015-05-17 23:49 - 2015-05-17 23:49 - 01107968 _____ () C:\Users\Mere Radekedeke\Downloads\RSIT (1).exe
2015-05-17 23:24 - 2015-05-17 23:28 - 00000000 ____D () C:\AdwCleaner
2015-05-17 23:23 - 2015-05-17 23:23 - 02209792 _____ () C:\Users\Mere Radekedeke\Downloads\adwcleaner_4.204.exe
2015-05-17 23:19 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mere Radekedeke\Downloads\TDSSKiller.exe
2015-05-17 23:17 - 2015-05-17 23:18 - 04176437 _____ () C:\Users\Mere Radekedeke\Downloads\tdsskiller.zip
2015-05-17 17:42 - 2015-05-17 17:43 - 00479216 _____ () C:\Windows\Minidump\051715-36218-01.dmp
2015-05-17 15:11 - 2015-05-17 23:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 15:11 - 2015-05-17 23:16 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 20:28 - 2015-05-16 20:28 - 00002011 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-05-16 13:27 - 2015-05-16 13:27 - 00000949 _____ () C:\Users\Mere Radekedeke\Desktop\TinyCAD.lnk
2015-05-16 13:27 - 2015-05-16 13:27 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\TinyCAD
2015-05-16 13:27 - 2015-05-16 13:27 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD
2015-05-16 13:27 - 2015-05-16 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyCAD
2015-05-16 13:27 - 2015-05-16 13:27 - 00000000 ____D () C:\Program Files\TinyCAD
2015-05-16 13:22 - 2015-05-16 13:22 - 00001005 _____ () C:\Users\Public\Desktop\BatteryCare.lnk
2015-05-16 10:43 - 2015-05-17 12:27 - 00001692 _____ () C:\Windows\PFRO.log
2015-05-16 10:20 - 2015-05-16 10:20 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-16 10:11 - 2015-05-16 10:11 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-16 09:46 - 2015-05-16 10:21 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\Dropbox
2015-05-16 09:35 - 2015-05-16 09:35 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\AVAST Software
2015-05-16 09:33 - 2015-05-16 09:33 - 00002141 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-16 09:33 - 2015-05-16 09:33 - 00002081 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-05-16 09:33 - 2015-05-16 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-16 09:31 - 2015-05-16 09:31 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-16 09:31 - 2015-05-16 09:31 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-16 09:31 - 2015-05-16 09:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-16 09:31 - 2015-05-16 09:31 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-16 09:31 - 2015-05-16 09:30 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-16 09:31 - 2015-05-16 09:30 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-05-16 09:30 - 2015-05-16 09:30 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-05-16 09:08 - 2015-05-16 10:23 - 00000298 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Mere_Radekedeke.job
2015-05-16 09:06 - 2015-05-16 09:06 - 65777664 _____ () C:\Windows\system32\config\software.iobit
2015-05-16 09:06 - 2015-05-16 09:06 - 00360448 _____ () C:\Windows\system32\config\default.iobit
2015-05-16 09:06 - 2015-05-16 09:06 - 00065536 _____ () C:\Windows\system32\config\sam.iobit
2015-05-16 09:06 - 2015-05-16 09:06 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2015-05-16 09:03 - 2015-05-16 09:03 - 01309689 _____ (SmadSoft ) C:\Users\Mere Radekedeke\Downloads\smadav101.exe
2015-05-16 09:02 - 2015-05-16 09:02 - 05471128 _____ (Avast Software s.r.o.) C:\Users\Mere Radekedeke\Downloads\avast_premier_antivirus_setup_online.exe
2015-05-16 09:01 - 2015-05-16 09:01 - 05471128 _____ (Avast Software s.r.o.) C:\Users\Mere Radekedeke\Downloads\avast_internet_security_setup_online.exe
2015-05-16 09:00 - 2015-05-16 09:00 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Mere Radekedeke\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-15 21:51 - 2015-05-15 21:51 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-15 21:51 - 2015-05-15 21:51 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Local\Skype
2015-05-15 21:51 - 2015-05-15 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-15 21:51 - 2015-05-15 21:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-15 21:48 - 2015-05-15 21:48 - 00000000 ____D () C:\Program Files\IDT
2015-05-15 21:48 - 2013-04-23 03:33 - 06111232 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2015-05-15 21:48 - 2013-04-23 03:33 - 01862656 _____ (IDT, Inc.) C:\Windows\system32\IDTNCPL.cpl
2015-05-15 21:48 - 2013-04-23 03:33 - 01463808 _____ (IDT, Inc.) C:\Windows\system32\stapo.dll
2015-05-15 21:48 - 2013-04-23 03:33 - 00556544 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2015-05-15 21:33 - 2014-04-17 06:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-05-15 14:10 - 2015-05-15 14:10 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Local\Avg2015
2015-05-15 13:52 - 2015-05-15 13:52 - 00002259 _____ () C:\Windows\epplauncher.mif
2015-05-15 13:43 - 2015-05-16 10:26 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\Microsoft Essentials Anti-Virus
2015-05-14 14:56 - 2015-05-14 14:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 11:05 - 2015-05-06 05:49 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-14 11:05 - 2015-05-06 05:49 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 01:05 - 2015-04-13 16:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:05 - 2015-04-13 16:05 - 01010176 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:05 - 2015-04-13 15:04 - 03400704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 01:04 - 2015-04-14 10:09 - 00492256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 00:54 - 2015-04-13 16:06 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:48 - 2015-04-22 02:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 00:48 - 2015-04-22 02:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 00:48 - 2015-04-22 02:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 00:48 - 2015-04-18 14:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 00:19 - 2015-05-02 16:36 - 00080728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 00:19 - 2015-05-02 15:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 23:36 - 2015-05-01 01:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:52 - 2015-05-16 10:26 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\301 field trip
2015-05-13 15:14 - 2015-05-13 15:15 - 08216760 _____ () C:\Users\Mere Radekedeke\Desktop\TinyCAD_2.80.06_626_Production_Release.exe
2015-05-13 10:13 - 2015-05-17 17:42 - 276621551 _____ () C:\Windows\MEMORY.DMP
2015-05-13 10:13 - 2015-05-13 10:13 - 00477096 _____ () C:\Windows\Minidump\051315-41296-01.dmp
2015-05-13 09:12 - 2015-05-13 09:12 - 05144576 _____ () C:\Windows\system32\config\drivers.iobit
2015-05-13 09:06 - 2015-05-13 09:06 - 00676864 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:06 - 2015-05-13 09:06 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:06 - 2015-05-13 09:06 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:05 - 2015-05-13 09:05 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 09:04 - 2015-05-13 09:04 - 01374720 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 09:03 - 2015-05-13 09:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 09:02 - 2015-05-13 09:02 - 01933312 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:59 - 2015-05-13 08:59 - 00002102 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-05-13 08:45 - 2015-05-13 08:45 - 00001143 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-05-13 08:45 - 2015-05-13 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-05-07 18:11 - 2015-05-07 23:58 - 00000000 ____D () C:\Users\Mere Radekedeke\Downloads\EE301 Report Lab7
2015-05-07 17:56 - 2015-05-07 17:56 - 00251396 _____ () C:\Users\Mere Radekedeke\Downloads\FueL Cell Experiment Part - 1 (1).tif
2015-05-07 17:37 - 2015-05-07 18:03 - 00182804 _____ () C:\Users\Mere Radekedeke\Downloads\Part - 3.tif
2015-05-07 17:37 - 2015-05-07 18:02 - 00698812 _____ () C:\Users\Mere Radekedeke\Downloads\Part - 2.tif
2015-05-07 17:36 - 2015-05-07 18:00 - 00650584 _____ () C:\Users\Mere Radekedeke\Downloads\FueL Cell Experiment Part - 1.tif
2015-05-07 12:36 - 2015-05-07 12:37 - 03670080 _____ () C:\Users\Mere Radekedeke\Downloads\Bradford Dissolvable Agent (1).exe
2015-05-06 14:58 - 2015-05-06 14:58 - 00000411 _____ () C:\Users\Mere Radekedeke\Desktop\motor program.txt
2015-05-06 01:26 - 2015-05-17 12:21 - 00000000 ____D () C:\Users\Mere Radekedeke\Downloads\ee313 pro
2015-05-01 12:13 - 2015-05-01 12:13 - 00160464 _____ () C:\Windows\Minidump\050115-59734-01.dmp
2015-04-30 16:18 - 2015-04-30 16:32 - 00000000 ____D () C:\Users\Mere Radekedeke\Downloads\EE301 Project
2015-04-29 15:57 - 2015-04-29 13:49 - 00007231 _____ () C:\Users\Mere Radekedeke\Desktop\WAR.txt
2015-04-29 14:40 - 2015-04-29 14:40 - 00000374 _____ () C:\Users\Mere Radekedeke\Desktop\mere war.txt
2015-04-22 18:12 - 2015-04-22 18:15 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\mp4
2015-04-22 17:49 - 2015-04-22 18:55 - 58765272 _____ () C:\Users\Mere Radekedeke\Downloads\Raising Helen 2004 Full Movie.mp4
2015-04-22 10:37 - 2015-04-22 10:37 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\HOMER Energy
2015-04-22 10:37 - 2015-04-22 10:37 - 00000000 ____D () C:\ProgramData\Reprise
2015-04-22 10:33 - 2015-04-21 11:34 - 22711808 _____ () C:\Users\Mere Radekedeke\Desktop\HomerPro-3.1.4.msi
2015-04-21 12:16 - 2015-04-21 12:16 - 00154528 _____ () C:\Windows\Minidump\042115-91671-01.dmp
2015-04-19 14:16 - 2015-05-17 23:31 - 00000000 ____D () C:\Users\Mere Radekedeke\Tracing
2015-04-19 14:02 - 2015-04-19 14:02 - 00001261 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-04-19 14:02 - 2015-04-19 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-04-19 14:01 - 2015-04-19 14:01 - 00001334 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-04-19 14:01 - 2015-04-19 14:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-04-19 14:00 - 2015-04-19 14:00 - 00002436 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-04-19 14:00 - 2015-04-19 14:00 - 00001408 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-04-19 13:58 - 2015-04-19 14:00 - 00000000 ____D () C:\Program Files\Windows Live
2015-04-19 13:57 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-19 13:57 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-19 13:57 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-19 13:57 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-19 13:56 - 2015-04-19 13:56 - 00002267 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-04-19 13:56 - 2015-04-19 13:56 - 00002173 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-04-19 13:56 - 2015-04-19 13:56 - 00002173 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-04-19 13:56 - 2015-04-19 13:56 - 00000000 ___RD () C:\Users\Mere Radekedeke\OneDrive
2015-04-19 13:56 - 2015-04-19 13:56 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-04-19 13:56 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-04-19 13:56 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-04-19 13:55 - 2015-04-19 13:55 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-04-19 13:53 - 2015-04-22 17:05 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Local\Windows Live
2015-04-19 13:53 - 2015-04-19 13:53 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-04-19 13:51 - 2015-04-19 13:51 - 01239752 _____ (Microsoft Corporation) C:\Users\Mere Radekedeke\Downloads\wlsetup-web.exe
2015-04-18 09:34 - 2015-04-18 09:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-04-18 09:34 - 2015-04-18 09:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 00:00 - 2014-04-30 08:11 - 01885013 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 00:00 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\system32\sru
2015-05-17 23:32 - 2014-10-30 00:52 - 00000000 ____D () C:\ProgramData\VMware
2015-05-17 23:31 - 2014-10-29 13:11 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-17 23:31 - 2014-02-20 09:37 - 00000020 ___SH () C:\Windows\system32\ext_drive_list.dat
2015-05-17 23:31 - 2012-07-26 18:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 23:21 - 2014-04-27 23:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 22:04 - 2015-03-22 22:43 - 00000000 ____D () C:\Users\Mere Radekedeke\Downloads\New folder
2015-05-17 20:53 - 2014-02-20 05:10 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Local\Microsoft Help
2015-05-17 20:39 - 2014-02-20 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-17 20:39 - 2014-02-20 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 20:37 - 2012-07-26 16:17 - 00000167 _____ () C:\Windows\win.ini
2015-05-17 19:08 - 2014-02-20 09:45 - 00000286 _____ () C:\Windows\Tasks\RMSchedule.job
2015-05-17 19:08 - 2014-02-20 05:45 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-17 19:07 - 2014-02-25 07:01 - 00003072 _____ () C:\Windows\system32\Cache.db
2015-05-17 17:42 - 2014-05-12 10:19 - 00000000 ____D () C:\Windows\Minidump
2015-05-17 17:35 - 2014-02-20 12:20 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\vlc
2015-05-17 00:36 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 22:00 - 2014-08-01 15:57 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\mp4
2015-05-16 17:14 - 2015-04-15 12:17 - 00000000 ____D () C:\Users\Mere Radekedeke\Downloads\EE313 Project
2015-05-16 13:23 - 2014-02-20 07:34 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\BatteryCare
2015-05-16 13:22 - 2014-02-20 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2015-05-16 13:22 - 2014-02-20 07:34 - 00000000 ____D () C:\Program Files\BatteryCare
2015-05-16 11:45 - 2014-07-14 00:52 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\progs
2015-05-16 10:43 - 2014-02-20 05:06 - 00000000 ____D () C:\Program Files\7-Zip
2015-05-16 10:42 - 2015-04-13 00:24 - 00000262 _____ () C:\Windows\Tasks\ASC8_SkipUac_Mere Radekedeke.job
2015-05-16 10:18 - 2014-02-20 05:08 - 00000000 ____D () C:\Users\Mere Radekedeke\AppData\Roaming\Skype
2015-05-16 10:11 - 2014-02-20 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-16 09:41 - 2014-02-20 06:12 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-16 09:06 - 2015-04-13 00:21 - 00002067 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-05-16 08:52 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-15 21:51 - 2014-02-20 05:08 - 00000000 ___RD () C:\Program Files\Skype
2015-05-15 21:51 - 2014-02-20 05:08 - 00000000 ____D () C:\ProgramData\Skype
2015-05-15 21:35 - 2012-07-26 18:43 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-15 15:07 - 2014-02-28 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 14:58 - 2014-02-28 18:36 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 14:08 - 2015-04-01 17:03 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-15 14:05 - 2012-07-26 18:53 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-15 13:52 - 2014-02-20 04:31 - 00852378 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 13:29 - 2012-07-26 16:17 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-15 08:40 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\tracing
2015-05-14 22:48 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-14 21:56 - 2014-09-13 05:23 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\New folder
2015-05-14 16:49 - 2012-07-26 18:53 - 00000000 ____D () C:\Windows\rescache
2015-05-14 11:04 - 2015-03-15 13:55 - 00427616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 11:03 - 2014-02-20 05:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 07:29 - 2012-07-26 20:27 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 23:40 - 2014-02-20 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 10:05 - 2012-07-26 16:43 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 08:59 - 2015-04-13 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-05-13 08:46 - 2014-02-20 06:08 - 00000000 ____D () C:\ProgramData\IObit
2015-05-13 07:49 - 2012-07-26 16:17 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-07 12:27 - 2015-04-04 11:28 - 00000518 _____ () C:\Users\Mere Radekedeke\Desktop\zumba.txt
2015-05-06 11:16 - 2014-03-11 04:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-05 16:17 - 2014-10-01 22:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-30 18:02 - 2014-07-29 20:05 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\EE300 project
2015-04-20 21:46 - 2015-04-04 22:00 - 00000211 _____ () C:\Users\Mere Radekedeke\Desktop\movie list.txt
2015-04-20 21:46 - 2014-12-22 10:35 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\sue  muvy
2015-04-19 14:16 - 2014-02-20 04:28 - 00000000 ____D () C:\Users\Mere Radekedeke
2015-04-19 14:02 - 2012-07-26 20:23 - 00000000 ____D () C:\Windows\en-GB
2015-04-19 11:35 - 2014-04-25 22:47 - 00020992 _____ () C:\Users\Mere Radekedeke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-18 21:27 - 2014-07-13 23:16 - 00000000 ____D () C:\Users\Mere Radekedeke\Documents\attachment
2015-04-18 12:57 - 2014-08-15 08:22 - 00000000 ____D () C:\Users\Mere Radekedeke\Desktop\antivirus
2015-04-18 09:50 - 2014-02-20 07:29 - 00000000 ____D () C:\Windows\AutoKMS
 
==================== Files in the root of some directories =======
 
2014-07-08 19:37 - 2014-07-11 14:59 - 0001125 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\asfasfeasd.exe
2014-06-30 22:33 - 2014-07-05 23:51 - 0000000 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\asfgwedasfwea.exe
2014-02-20 09:35 - 2014-02-20 09:35 - 0000040 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\burnaware.ini
2014-10-30 16:01 - 2014-10-30 16:31 - 0000096 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\Camdata.ini
2014-10-30 16:01 - 2014-10-30 16:31 - 0000408 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\CamLayout.ini
2014-10-30 16:01 - 2014-10-30 16:31 - 0000408 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\CamShapes.ini
2014-10-30 16:01 - 2014-10-30 16:31 - 0004509 _____ () C:\Users\Mere Radekedeke\AppData\Roaming\CamStudio.cfg
2014-04-25 22:47 - 2015-04-19 11:35 - 0020992 _____ () C:\Users\Mere Radekedeke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-20 05:38 - 2014-02-20 09:38 - 0000700 ___SH () C:\Users\Mere Radekedeke\AppData\Local\systemFL7.$dk
2014-02-20 05:38 - 2014-02-20 09:38 - 0003465 ___SH () C:\Users\Mere Radekedeke\AppData\Local\win_stlthdb_sys.dat
2012-07-26 14:06 - 2012-07-26 15:20 - 93175808 ___SH (Kyriba) C:\ProgramData\msvrd.exe
2013-05-25 20:23 - 2013-05-25 20:23 - 0010329 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_F7395FAF-D6D0-463A-85E7-C508F5113CE2.swidtag
2014-02-20 05:38 - 2014-02-20 05:38 - 0001040 ___SH () C:\ProgramData\win_mpwd_sys.dat
 
Files to move or delete:
====================
C:\ProgramData\msvrd.exe
C:\ProgramData\win_mpwd_sys.dat
 
 
Some content of TEMP:
====================
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo253143816.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo3079760339.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo3597512232.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptgix6u.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\Quarantine.exe
C:\Users\Mere Radekedeke\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-17 10:39
 
==================== End Of Log ============================


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 21 May 2015 - 08:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-115510354-3384020669-2148933896-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvrd.exe <===== ATTENTION
IFEO\startmenu8.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\Users\Mere Radekedeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s.lnk [2015-05-07]
ShortcutTarget: s.lnk -> C:\Users\Mere Radekedeke\AppData\Roaming\obbmmyedum.exe (No File)
SearchScopes: HKU\S-1-5-21-115510354-3384020669-2148933896-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-115510354-3384020669-2148933896-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={69E33B37-9B1C-4269-88B1-FABD24EF1529}&mid=ea1cb2b58fa547d28c180ec224e17260-efa249a1e6706cb4f0e36c81e683a9e1f83c9d78&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-02 13:46:27&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
BHO: Dragon Branch -> {d640ce67-58e4-43c2-9adc-6bb959d7c606} -> C:\Program Files\Dragon Branch\Extensions\d640ce67-58e4-43c2-9adc-6bb959d7c606.dll No File
Filter: deflate - No CLSID Value -
Filter: gzip - No CLSID Value -
Filter: lzdhtml - No CLSID Value -
FF Extension: Dragon Branch - C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default\Extensions\{b289be59-5523-46da-882a-bb5d75ca370e}.xpi [2015-05-16]
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-16]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo253143816.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo3079760339.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\cdo3597512232.dll
C:\Users\Mere Radekedeke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptgix6u.dll
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
C:\Users\Mere Radekedeke\AppData\Roaming\Mozilla\Firefox\Profiles\6erefqdl.default\Extensions\{b289be59-5523-46da-882a-bb5d75ca370e}.xpi

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team

Posted 26 May 2015 - 08:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



