I think that I'm infected


#1 lpunker


Posted 15 July 2015 - 06:15 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by LPunker (administrator) on PC on 15-07-2015 20:05:05
Running from C:\Users\LPunker\Downloads
Loaded Profiles: LPunker (Available Profiles: LPunker)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fsorsp64.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ului\1434969307\spclient_gui.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fshoster64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [UltralightAV] => C:\Program Files\F-Secure\Ultralight\ului\1434969307\spclient_gui.exe [3389480 2015-06-27] (F-Secure Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-23] ()
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2004181470-1386863462-2674475671-1000] => 200.196.234.26:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://tinyurl.com/m2wfz8h
URLSearchHook: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=879
SearchScopes: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 -> {F9B6A098-D822-4C39-894B-592A24A2CA5D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 -> {FBB392E6-5696-41D6-91C6-5FCEEF7D3E34} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-12] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {95188727-288F-4581-A48D-EAB3BD027314} -  No File
Toolbar: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{4A55B8F8-62E2-4D9A-B1E8-20920986C88B}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D5BB8632-B679-44BE-9A39-082FF494CEDF}: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\LPunker\AppData\Roaming\Mozilla\Firefox\Profiles\y5quh3w3.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2012-06-21] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2004181470-1386863462-2674475671-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LPunker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2004181470-1386863462-2674475671-1000: pcpitstop.com/PCMaticPlugin -> C:\Users\LPunker\AppData\Roaming\PCPitstop\PC Matic Plugin\1.0.0.1\npPCMaticPlugin.1.0.0.1.dll [2013-07-22] (PC Pitstop LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\LPunker\AppData\Roaming\Mozilla\Firefox\Profiles\y5quh3w3.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-13]
FF Extension: Tamper Data - C:\Users\LPunker\AppData\Roaming\Mozilla\Firefox\Profiles\y5quh3w3.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-06-22]
FF Extension: Video DownloadHelper - C:\Users\LPunker\AppData\Roaming\Mozilla\Firefox\Profiles\y5quh3w3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\LPunker\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\LPunker\AppData\Roaming\IDM\idmmzcc5 [2015-03-05]
FF HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\LPunker\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-30]
CHR Extension: (Google Search) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-30]
CHR Extension: (Ripple Emulator (Beta)) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc [2015-01-11]
CHR Extension: (Bookmark Manager) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-26]
CHR Extension: (My Browser Page) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-10-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Tamper Chrome (application)) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\odldmflbckacdofpepkdkmkccgdfaemb [2015-03-08]
CHR Extension: (Watch Free Movies Online) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofihpagioalfmgekegeijhaglbapgbmn [2014-11-01]
CHR Extension: (Gmail) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-30]
CHR Profile: C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Google Search) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]
CHR Extension: (SiteAdvisor) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]
CHR Extension: (Gmail) - C:\Users\LPunker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-22]
CHR HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\LPunker\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\LPunker\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FSORSPClient; C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fsorsp64.exe [75816 2015-06-27] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fshoster64.exe [431144 2015-06-27] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [103472 2012-06-15] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-04] (Nalpeiron Ltd.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-10] (Emsisoft GmbH)
R2 F-Secure Gatekeeper; C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fsgk.sys [208424 2015-06-27] (F-Secure Corporation)
R2 F-Secure HIPS; C:\Program Files\F-Secure\Ultralight\ulcore\1433169312\fshs.sys [85032 2015-06-27] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-11-02] ()
R3 fsni; C:\Program Files\F-Secure\Ultralight\nif\1433169370\fsni64.sys [95784 2015-06-27] (F-Secure Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-11-01] (http://libusb-win32.sourceforge.net)
S3 MRV6X64U; C:\Windows\System32\DRIVERS\MRVW23C.sys [255232 2007-01-04] (Marvell Semiconductor, Inc)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [854632 2010-12-31] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 20:05 - 2015-07-15 20:06 - 00026211 _____ C:\Users\LPunker\Downloads\FRST.txt
2015-07-15 20:04 - 2015-07-15 20:04 - 00000274 _____ C:\Users\LPunker\Downloads\Search.txt
2015-07-15 20:03 - 2015-07-15 20:05 - 00000000 ____D C:\FRST
2015-07-15 20:01 - 2015-07-15 20:01 - 02133504 _____ (Farbar) C:\Users\LPunker\Downloads\FRST64.exe
2015-07-15 19:10 - 2015-07-15 19:42 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-07-15 19:09 - 2015-07-15 19:09 - 00827816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\LPunker\Downloads\rufus-2.2.exe
2015-07-15 19:01 - 2015-07-12 14:35 - 871571456 ____R C:\Users\LPunker\Desktop\Windows 7 Sp1 Ultimate 2015.iso
2015-07-15 12:19 - 2015-07-15 12:19 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-14 16:19 - 2015-07-14 16:19 - 00000000 ____H C:\ProgramData\cm-lock
2015-07-13 21:26 - 2015-07-13 21:26 - 00097156 _____ C:\Users\LPunker\Downloads\responsive-childtheme-master.zip
2015-07-12 21:48 - 2015-07-12 21:48 - 00000479 _____ C:\Users\LPunker\Downloads\12
2015-07-12 21:44 - 2015-07-12 21:45 - 07348698 _____ C:\Users\LPunker\Downloads\e107-master.zip
2015-07-12 21:02 - 2015-07-12 21:03 - 00377768 _____ C:\Users\LPunker\Downloads\winkey14_0.9.1.zip
2015-07-12 20:11 - 2015-07-12 20:11 - 00209815 _____ C:\Users\LPunker\Downloads\advanced-ftp-password-recovery-setup.exe
2015-07-12 20:11 - 2015-07-12 20:11 - 00001460 _____ C:\Users\LPunker\Desktop\Advanced FTP Password Recovery.lnk
2015-07-12 20:11 - 2015-07-12 20:11 - 00000000 ____D C:\Users\LPunker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced FTP Password Recovery
2015-07-12 20:11 - 2015-07-12 20:11 - 00000000 ____D C:\Users\LPunker\AppData\Local\Advanced FTP Password Recovery
2015-07-12 19:57 - 2015-07-12 19:57 - 00008166 _____ C:\Users\LPunker\Downloads\cuteprw-1.1.0.tar.gz
2015-07-12 19:57 - 2015-07-12 19:57 - 00000000 ____D C:\Users\LPunker\Downloads\cuteprw-1.1.0
2015-07-12 19:54 - 2015-07-12 19:56 - 00000000 ____D C:\Program Files (x86)\SecurityXploded
2015-07-12 19:54 - 2015-07-12 19:54 - 00000000 ____D C:\Users\LPunker\Downloads\AsteriskPasswordSpy
2015-07-12 19:52 - 2015-07-12 19:53 - 02044690 _____ C:\Users\LPunker\Downloads\AsteriskPasswordSpy.zip
2015-06-30 22:47 - 2014-01-02 16:53 - 00001097 _____ C:\Users\Public\Desktop\aiStarter.lnk
2015-06-30 22:46 - 2015-06-30 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIT App Inventor Tools
2015-06-30 22:46 - 2015-06-30 22:46 - 00000000 ____D C:\Program Files (x86)\AppInventor
2015-06-30 22:39 - 2015-06-30 22:39 - 00000226 _____ C:\Windows\wininit.ini
2015-06-29 23:44 - 2015-06-29 23:54 - 83753282 _____ (Massachusetts Institute of Technology) C:\Users\LPunker\Downloads\MIT_App_Inventor_Tools_2.3.0_win_setup.exe
2015-06-28 22:05 - 2015-06-28 22:05 - 00002992 _____ C:\Users\LPunker\Desktop\New Text Document.txt
2015-06-28 21:40 - 2015-06-28 21:40 - 00000000 ____D C:\Users\LPunker\Desktop\wordpress-4.2.2
2015-06-28 21:40 - 2015-06-18 21:42 - 06860180 _____ C:\Users\LPunker\Desktop\wordpress-4.2.2.zip
2015-06-28 21:38 - 2015-06-28 21:38 - 01806469 _____ C:\Users\LPunker\Downloads\hueman.1.5.4.zip
2015-06-28 19:43 - 2015-06-28 19:44 - 07762422 _____ C:\Users\LPunker\Downloads\enigma.1.9.2.zip
2015-06-28 11:20 - 2015-06-28 11:27 - 00000000 ____D C:\Users\LPunker\Desktop\usefull
2015-06-27 22:16 - 2015-06-27 22:16 - 00000000 _____ C:\Windows\SysWOW64\sho7C83.tmp
2015-06-27 19:29 - 2015-06-27 19:29 - 00027347 _____ C:\ComboFix.txt
2015-06-27 19:05 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-27 19:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-27 19:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-27 19:03 - 2015-06-27 19:29 - 00000000 ____D C:\Qoobox
2015-06-27 19:01 - 2015-06-27 19:27 - 00000000 ____D C:\Windows\erdnt
2015-06-27 18:59 - 2015-06-27 19:00 - 05630589 ____R (Swearware) C:\Users\LPunker\Downloads\ComboFix.exe
2015-06-27 18:40 - 2015-06-27 18:40 - 00000000 ____D C:\Windows\System32\Tasks\F-Secure
2015-06-27 18:38 - 2015-06-27 18:38 - 04579368 _____ (F-Secure Corporation) C:\Users\LPunker\Downloads\online_ultralight_beta.exe
2015-06-27 18:38 - 2015-06-27 18:38 - 00000000 ____D C:\Program Files\F-Secure
2015-06-27 18:30 - 2015-06-27 18:31 - 00738394 _____ C:\Users\LPunker\Downloads\ESETPoweliksCleaner.exe_20150627.183055.4336.log
2015-06-27 18:30 - 2015-06-27 18:30 - 00000022 _____ C:\Users\LPunker\Downloads\ESETPoweliksCleaner.exe_20150627.183055.4336.zip
2015-06-27 18:28 - 2015-06-27 18:29 - 00221384 _____ (ESET) C:\Users\LPunker\Downloads\ESETPoweliksCleaner.exe
2015-06-20 15:57 - 2015-06-20 15:58 - 00000000 ____D C:\db181de3853c354d9a1347bd
2015-06-18 21:38 - 2015-06-18 21:42 - 06860180 _____ C:\Users\LPunker\Downloads\wordpress-4.2.2.zip
2015-06-18 21:14 - 2015-06-18 21:18 - 07696762 _____ C:\Users\LPunker\Downloads\Luxury_Flyer_Template.zip
2015-06-15 18:26 - 2015-06-15 20:35 - 457903641 _____ C:\Users\LPunker\Downloads\pa_gapps-stock-5.1-20150315-signed.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 20:03 - 2015-05-31 17:58 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 19:59 - 2010-12-08 19:26 - 01213347 _____ C:\Windows\WindowsUpdate.log
2015-07-15 19:18 - 2013-01-04 17:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 19:07 - 2009-07-14 01:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 19:07 - 2009-07-14 01:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 19:01 - 2015-05-19 18:46 - 00012206 _____ C:\Windows\setupact.log
2015-07-15 19:01 - 2009-07-14 02:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-15 12:19 - 2013-01-04 17:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 12:19 - 2012-05-03 14:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 12:19 - 2011-09-09 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 12:08 - 2015-05-31 17:58 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 12:08 - 2014-06-17 21:45 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-14 16:18 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 23:03 - 2015-03-25 22:29 - 00000000 ____D C:\Users\LPunker\Desktop\html5
2015-07-13 22:34 - 2015-05-17 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-13 19:31 - 2011-09-15 09:44 - 00000000 ____D C:\Users\LPunker\AppData\Roaming\BitTorrent
2015-07-13 19:29 - 2014-06-20 07:06 - 00000000 ____D C:\Users\LPunker\AppData\Roaming\uTorrent
2015-07-12 20:43 - 2012-07-23 15:00 - 00000000 ____D C:\Users\LPunker\AppData\Roaming\EditPlus 3
2015-07-12 10:48 - 2009-07-14 02:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-03 14:38 - 2014-11-02 08:53 - 00000000 ____D C:\ProgramData\F-Secure
2015-06-30 22:42 - 2015-06-01 08:56 - 00007502 _____ C:\Windows\PFRO.log
2015-06-29 23:25 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 18:53 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-28 11:14 - 2012-04-16 02:14 - 00000000 ____D C:\Users\LPunker\Desktop\bleep
2015-06-28 11:10 - 2015-01-11 19:41 - 00000000 ____D C:\Users\LPunker\Desktop\PhoneGap
2015-06-27 19:29 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Default
2015-06-27 19:25 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2015-06-27 18:14 - 2014-12-29 19:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-27 17:53 - 2014-06-17 21:45 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-22 19:19 - 2011-09-10 22:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-22 19:17 - 2014-06-22 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-18 23:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2013-01-11 13:23 - 2013-01-11 18:07 - 0000125 _____ () C:\Users\LPunker\AppData\Roaming\activation.key
2011-09-14 19:59 - 2011-09-14 19:59 - 0000000 _____ () C:\Users\LPunker\AppData\Roaming\bitlord_log.txt
2011-10-22 15:58 - 2014-05-16 06:44 - 0003850 _____ () C:\Users\LPunker\AppData\Roaming\Rim.Desktop.Exception.log
2011-10-22 15:57 - 2014-11-01 21:13 - 0003125 _____ () C:\Users\LPunker\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-10-22 15:58 - 2014-05-16 06:44 - 0004004 _____ () C:\Users\LPunker\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-07-20 21:07 - 2014-07-20 21:07 - 0000001 _____ () C:\Users\LPunker\AppData\Local\llftool.4.40.agreement
2014-07-20 21:07 - 2014-07-20 21:07 - 0000019 _____ () C:\Users\LPunker\AppData\Local\llftool.license
2014-07-18 20:45 - 2014-10-26 13:55 - 0007603 _____ () C:\Users\LPunker\AppData\Local\resmon.resmoncfg
2015-07-14 16:19 - 2015-07-14 16:19 - 0000000 ____H () C:\ProgramData\cm-lock
2014-06-19 07:24 - 2015-05-31 20:53 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\LPunker\AppData\Local\Temp\{0539FA9D-DAA7-43F4-A058-6AD7141507AB}-43.0.2357.134_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-27 21:47
 
==================== End of log ============================
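As an added example, not part of this thread or of the FRST tool itself: a small Python triage script for the entry format used in the log above (created date - modified date - size attrs [company] path) that pulls out the lines a helper would read first. It assumes the attribute-letter meanings noted in the code, and its sample input is five lines copied from the log; a flagged entry is a lead to review, not a verdict (sed.exe and NIRCMD.exe, for instance, were placed in C:\Windows by the ComboFix run at 19:05 on 2015-06-27, as the timestamps show).

```python
import re

# Matches one FRST "files and folders" line, e.g.
# 2015-07-15 19:07 - 2009-07-14 01:45 - 00018736 ____H C:\Windows\system32\foo
# The "Files in the root" section adds "(Company)" or "()" before the path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")

def parse_entry(line):
    """Return a dict for a matching log line, or None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    return {**m.groupdict(), "company": m["company"] or ""} if m else None

def triage(entry):
    """Reasons to look at this entry first; a flag is a lead for a human, not a verdict.
    Assumed attribute letters: D directory, H hidden, S system, R read-only."""
    low = entry["path"].lower()
    parent = low.rsplit("\\", 1)[0]
    is_exec = low.endswith(EXEC_EXT)
    reasons = []
    if "D" not in entry["attrs"] and ("H" in entry["attrs"] or "S" in entry["attrs"]):
        reasons.append("hidden/system attribute on a file")
    if is_exec and not entry["company"]:
        reasons.append("executable without publisher string")
    if is_exec and parent in ("c:", "c:\\windows", "c:\\programdata"):
        reasons.append("executable directly in " + parent)
    return reasons

def triage_log(text):
    """Map path -> reasons for every flagged entry in an FRST log."""
    flagged = {}
    for entry in filter(None, map(parse_entry, text.splitlines())):
        reasons = triage(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged

# Constructed sample: five lines copied from the log in this thread.
SAMPLE_LOG = r"""
2015-06-27 19:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-27 19:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2014-06-19 07:24 - 2015-05-31 20:53 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-06-27 19:29 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Default
2015-07-15 19:18 - 2013-01-04 17:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
"""
```

Running `triage_log(SAMPLE_LOG)` on the sample leaves the directory and the .job file unflagged and returns the three executables with their reasons.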

#2 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2015 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM-x32 - No Name - {95188727-288F-4581-A48D-EAB3BD027314} -  No File
Toolbar: HKU\S-1-5-21-2004181470-1386863462-2674475671-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2004181470-1386863462-2674475671-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\LPunker\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\LPunker\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
Task: {C14CB2A9-C39A-4FD0-B8C7-3B91C764260E} - \BrowserProtect No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 lpunker
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Male
  • Location:Suriname

Posted 19 July 2015 - 06:16 AM

My laptop is running more smoothly now.

Thank you for your help.

#4 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2015 - 07:44 AM

Glad we could help.

If all is well, to learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2015 - 09:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.