Infected by a LOT of malware

This topic is locked
23 replies to this topic

#1 agrias7
Posted 30 August 2015 - 03:20 AM

Hi... I have some problems with my PC.

My PC is infected by a lot of malware. It's my second time being infected by malware(s). The first time was when I stupidly downloaded a file named IDM add-on from a website. Then my PC got infected by a lot of malware, from my start search, shopping malware, to a malware from China (I don't know its name, it's written in Chinese characters). I downloaded Malwarebytes and then everything was fine (although some malware files could not be deleted, but it didn't cause any problem (?)).

I started using torrents and then I got a lot of shopping malware again. It keeps showing pop-up shopping deals and I couldn't remove it. I scanned my PC with Malwarebytes again and adware cleaner, but no luck. So, please help me. It's getting really annoying and I feel my PC has gotten a little bit slower.

Thx, and below is my log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-08-2015
Ran by mela (administrator) on MELA-PC (30-08-2015 14:56:42)
Running from C:\Users\mela\Downloads
Loaded Profiles: mela (Available Profiles: mela)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Smadsoft) C:\Program Files\Smadav\SMΔRTP.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2008-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [RocketDock] => "D:\Installer\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [Dropbox Update] => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2010-11-28]
ShortcutTarget: 7 Sticky Notes.lnk -> D:\Installer\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-11-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5944DD7F-2E5A-4971-980B-7B024B9D0E4E}: [DhcpNameServer] 8.8.8.8 8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default
FF DefaultSearchUrl: hxxps://id.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1438128716&z=39f4dd738df4b7673196352g5z3cdb8gcobbbq9q7c&from=cmi&uid=SAMSUNGXHM250HI_S1YQJD9S905498
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1128418022-1035736187-3581221965-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF SearchPlugin: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\searchplugins\yahoo-avast.xml [2015-06-26]
FF Extension: Search Enginer - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\1437014152_xpi [2015-07-16]
FF Extension: Adblock Plus - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-04]
 
Chrome: 
=======
CHR Profile: C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-26]
CHR Extension: (Adblock Pro) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-08-16]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mela\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-09]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-10-01] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [577816 2014-11-05] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2010-11-14] (Broadcom Corporation)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2014-10-07] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl0282da93; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05629EF0-4EF2-4A0D-B393-66AB62546ABA}\MpKsl0282da93.sys [39168 2015-08-30] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-06] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [85816 2014-10-07] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-10-07] (Wacom Technology)
U3 a4xd2idf; C:\Windows\system32\Drivers\a4xd2idf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 Adpaysgra-1; no ImagePath
S3 qcusbserialser; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 14:48 - 2015-08-30 14:56 - 00016904 _____ C:\Users\mela\Downloads\FRST.txt
2015-08-30 14:48 - 2015-08-30 14:56 - 00000000 ____D C:\FRST
2015-08-30 14:36 - 2015-08-30 14:36 - 01690624 _____ (Farbar) C:\Users\mela\Downloads\FRST.exe
2015-08-30 13:55 - 2015-08-30 13:55 - 01798640 _____ (Malwarebytes Corporation) C:\Users\mela\Downloads\JRT.exe
2015-08-29 07:47 - 2015-08-30 13:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 07:47 - 2015-08-29 07:47 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-29 07:42 - 2015-08-29 07:45 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mela\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-28 08:23 - 2015-08-28 08:23 - 00093758 _____ C:\Users\mela\Downloads\template 7.xml
2015-08-27 09:32 - 2015-06-15 16:43 - 00053224 _____ C:\Users\mela\Downloads\Dear Annabelle.otf
2015-08-27 08:37 - 2015-08-27 08:37 - 00091208 _____ C:\Users\mela\Downloads\template 6 with lightbox.xml
2015-08-27 04:04 - 2015-08-27 04:04 - 00089604 _____ C:\Users\mela\Downloads\template 5 gambar di post auto resize.xml
2015-08-26 21:26 - 2015-08-26 21:26 - 00086184 _____ C:\Users\mela\Downloads\template 4 widht sudah agak lebar tapi masih ada sisa dari widget.xml
2015-08-26 21:12 - 2015-08-26 21:12 - 00086270 _____ C:\Users\mela\Downloads\template 3.xml
2015-08-26 18:09 - 2015-08-26 18:09 - 00087958 _____ C:\Users\mela\Downloads\template sederhana.xml
2015-08-19 10:50 - 2015-08-19 10:50 - 00000000 ____D C:\Users\mela\AppData\Roaming\IDM
2015-08-19 10:39 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-08-19 10:38 - 2015-08-26 11:56 - 00000000 ____D C:\Users\mela\Downloads\1dm4n621build18
2015-08-19 07:08 - 2015-08-11 07:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 07:08 - 2015-08-11 07:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-16 11:26 - 2015-08-16 11:26 - 00000000 ____D C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 21:22 - 2015-07-30 20:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 21:09 - 2015-07-21 07:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 21:09 - 2015-07-17 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 21:09 - 2015-07-17 02:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 21:09 - 2015-07-17 02:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 21:09 - 2015-07-17 02:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 21:09 - 2015-07-17 02:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 21:09 - 2015-07-17 02:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 21:09 - 2015-07-17 02:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 21:09 - 2015-07-17 02:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 21:09 - 2015-07-17 02:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 21:09 - 2015-07-17 02:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 21:09 - 2015-07-17 02:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 21:09 - 2015-07-17 02:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 21:09 - 2015-07-17 02:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 21:09 - 2015-07-17 02:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 21:09 - 2015-07-17 02:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 21:09 - 2015-07-17 02:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 21:09 - 2015-07-17 02:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 21:09 - 2015-07-17 02:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 21:09 - 2015-07-17 01:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 21:09 - 2015-07-17 01:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 21:09 - 2015-07-17 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 21:06 - 2015-07-29 03:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 21:06 - 2015-07-29 03:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 21:06 - 2015-07-29 02:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 21:05 - 2015-07-16 00:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 21:05 - 2015-07-16 00:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 21:05 - 2015-07-16 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 21:05 - 2015-07-16 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 21:05 - 2015-07-16 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 21:05 - 2015-07-15 23:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 21:05 - 2015-07-11 00:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 21:05 - 2015-07-11 00:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 21:05 - 2015-07-11 00:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:05 - 2015-07-02 03:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:05 - 2015-07-02 03:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 21:04 - 2015-07-30 23:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:04 - 2015-07-30 23:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:59 - 2015-07-11 00:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:58 - 2015-05-10 01:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-08 07:07 - 2015-08-08 07:07 - 00000000 ____D C:\Users\mela\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 14:56 - 2010-11-14 21:45 - 00000000 ____D C:\Users\mela\AppData\Roaming\7 Sticky Notes
2015-08-30 14:56 - 2010-11-14 17:44 - 01718738 _____ C:\Windows\WindowsUpdate.log
2015-08-30 14:54 - 2014-10-11 14:14 - 00000000 ___RD C:\Users\mela\Google Drive
2015-08-30 14:54 - 2011-10-08 11:17 - 00000000 ___RD C:\Users\mela\Dropbox
2015-08-30 14:54 - 2011-10-08 11:14 - 00000000 ____D C:\Users\mela\AppData\Roaming\Dropbox
2015-08-30 14:53 - 2015-07-29 05:45 - 00001010 _____ C:\Windows\Tasks\f9XoDBRCX9eGL78fonona.job
2015-08-30 14:53 - 2015-07-29 05:45 - 00000998 _____ C:\Windows\Tasks\IegYhqYhslLIN39.job
2015-08-30 14:53 - 2015-07-28 16:23 - 00000986 _____ C:\Windows\Tasks\xAlIPKW2I.job
2015-08-30 14:53 - 2015-07-28 16:23 - 00000982 _____ C:\Windows\Tasks\tK9B2zJ.job
2015-08-30 14:53 - 2015-07-16 14:03 - 00001008 _____ C:\Windows\Tasks\ERu2xkbgoRU1qL9ZsHrn.job
2015-08-30 14:53 - 2015-07-16 14:03 - 00000998 _____ C:\Windows\Tasks\4rYiNFWntPeteEt.job
2015-08-30 14:53 - 2015-07-13 09:55 - 00005757 _____ C:\Windows\setupact.log
2015-08-30 14:53 - 2015-06-26 10:00 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 14:53 - 2012-06-04 10:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-30 14:53 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 14:40 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-30 14:40 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-30 14:31 - 2015-06-20 08:20 - 00001060 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000UA.job
2015-08-30 14:17 - 2015-06-26 10:00 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 14:15 - 2015-04-21 10:37 - 00000000 ____D C:\AdwCleaner
2015-08-30 14:06 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
2015-08-30 14:05 - 2015-01-22 05:59 - 00000000 ____D C:\Users\mela\AppData\Roaming\uTorrent
2015-08-30 14:05 - 2012-04-14 09:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 13:34 - 2013-06-23 21:12 - 00000000 ____D C:\Windows\pss
2015-08-30 13:25 - 2015-06-07 11:18 - 00000352 _____ C:\Windows\Tasks\BoosterSystem.job
2015-08-30 12:59 - 2010-11-14 18:25 - 00207240 _____ C:\Windows\PFRO.log
2015-08-29 10:53 - 2011-05-08 07:55 - 00000000 ____D C:\Users\mela\Downloads\Compressed
2015-08-29 06:31 - 2015-06-20 08:20 - 00001008 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000Core.job
2015-08-28 04:10 - 2009-07-14 11:33 - 00530960 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-27 09:50 - 2010-11-14 18:41 - 00171320 _____ C:\Users\mela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 11:39 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Globalization
2015-08-23 12:09 - 2015-06-26 10:17 - 00002119 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-19 11:59 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2015-08-18 05:06 - 2012-04-14 09:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-18 05:06 - 2011-08-24 07:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-17 04:17 - 2014-10-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-16 11:54 - 2015-06-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 11:54 - 2013-06-12 08:40 - 00000824 _____ C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-08-16 11:33 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-16 11:10 - 2014-12-11 09:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-16 11:10 - 2014-05-06 18:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 21:42 - 2012-09-24 10:15 - 00000039 _____ C:\Windows\vbaddin.ini
2015-08-12 21:42 - 2010-11-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 21:35 - 2013-08-15 09:31 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:28 - 2010-12-24 12:13 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 04:08 - 2012-05-26 16:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-05 08:09 - 2013-02-10 16:49 - 00000000 ____D C:\ProgramData\CanonIJ
2015-07-31 19:40 - 2010-11-14 17:51 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt
2012-06-24 12:55 - 2012-06-24 12:55 - 0000000 _____ () C:\Users\mela\AppData\Roaming\chrtmp
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\tK9B2zJ
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\xAlIPKW2I
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\AtStart.txt
2010-11-14 21:16 - 2011-12-30 10:13 - 0196096 _____ () C:\Users\mela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\DSwitch.txt
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\QSwitch.txt
2015-04-21 10:34 - 2015-04-21 10:34 - 0011248 _____ () C:\Users\mela\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\mela\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv23fcp.dll
C:\Users\mela\AppData\Local\Temp\ooswy.cmd.exe
C:\Users\mela\AppData\Local\Temp\ose00000.exe
C:\Users\mela\AppData\Local\Temp\Quarantine.exe
C:\Users\mela\AppData\Local\Temp\set561B.tmp.exe
C:\Users\mela\AppData\Local\Temp\Sims3Launcher.ex_.exe
C:\Users\mela\AppData\Local\Temp\sqlite3.dll
C:\Users\mela\AppData\Local\Temp\VP6Install.exe
C:\Users\mela\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-04-16 17:57] - [2015-07-22 07:24] - 0270336 ____A (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-19 11:30
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-08-2015
Ran by mela (2015-08-30 14:58:32)
Running from C:\Users\mela\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1128418022-1035736187-3581221965-500 - Administrator - Disabled)
Guest (S-1-5-21-1128418022-1035736187-3581221965-501 - Limited - Disabled)
mela (S-1-5-21-1128418022-1035736187-3581221965-1000 - Administrator - Enabled) => C:\Users\mela
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
FocusWriter (HKLM\...\FocusWriter) (Version: 1.5.1 - Graeme Gott)
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Foxit Phantom (HKLM\...\Foxit Phantom) (Version: 2.2.4.0225 - Foxit Software Company)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM\...\{9F238A60-C445-4B81-8EDE-07DC924E98F8}) (Version: 1.0.1.30 - Hewlett Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM\...\LINE) (Version: 3.9.0.172 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MPC-HC 1.7.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.36.45 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{031EA852-BFA6-6ECC-4738-99C64C116802}\InprocServer32 -> C:\Windows\System32\bdaplgin.ax (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{031EA852-BFA6-6ECC-4738-99C64C116802}\localserver32 -> C:\Windows\system32\plasrv.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{091C0CA2-2A65-3B4E-528F-9FF4F3774F87}\InprocServer32 -> C:\Windows\System32\bdaplgin.ax (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{091C0CA2-2A65-3B4E-528F-9FF4F3774F87}\localserver32 -> C:\Windows\system32\plasrv.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{3691716A-0219-5AAC-973E-861FCF048A3E}\InprocServer32 -> C:\Windows\System32\bdaplgin.ax (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{3691716A-0219-5AAC-973E-861FCF048A3E}\localserver32 -> C:\Windows\system32\plasrv.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\mela\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
30-08-2015 14:05:10 JRT Pre-Junkware Removal
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:04 - 2011-09-24 11:11 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {021621D6-2BA4-4ED1-B471-5F299613F815} - System32\Tasks\{EB96764E-117A-448E-9D4C-B87942CA76BC} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.112&LastError=12007
Task: {06D6F5C8-F9EB-4C95-9C08-4BEADFDC4178} - System32\Tasks\4rYiNFWntPeteEt => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: {0962C482-70C0-41CA-80EC-CA07E1BC83C2} - System32\Tasks\{1D50AFD2-1969-46A0-9BC4-2AFF5F7686BB} => pcalua.exe -a D:\Installer\RocketDock\unins000.exe
Task: {09D3CCB8-F3A5-4007-8E42-2918E56BBE07} - System32\Tasks\{345125A1-56B8-4E01-8978-6138A9D43522} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {0D07D78C-067D-45EF-B25B-8549659E91B5} - \BoosterSystem -> No File <==== ATTENTION
Task: {0EA05CDD-4379-420C-B1D1-97FEF6128006} - System32\Tasks\ERu2xkbgoRU1qL9ZsHrn => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: {102FDF22-D41D-4EF5-9773-0C06AF3A488B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {13FED3FA-9CF3-4A4A-8781-D44A683ADD1B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000Core => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {1F099C86-C409-40DA-B2D9-5FAE78C56F38} - System32\Tasks\{3D7DABA9-D680-42DE-A0EA-0405B7E6A96B} => pcalua.exe -a "C:\Program Files\MoRUN.net\StickerLite\uninst.exe" -d "C:\Program Files\MoRUN.net\StickerLite\"
Task: {22B277FA-C0E1-4344-8B54-E8457447C24A} - System32\Tasks\xAlIPKW2I => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
Task: {2936C6D1-F075-46B8-82E9-C7879BB66039} - System32\Tasks\{A38C0CEB-104D-493B-ACF0-B7D3B6A6D8E7} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.112&LastError=204
Task: {43FEB1C0-A766-4B42-BBDC-64F05AA8D9F9} - System32\Tasks\{25464EB8-9339-40FE-8D38-9544565C8A95} => pcalua.exe -a "E:\Cq40-41 Vista\sp45515(wLAN adaptor).exe" -d "E:\Cq40-41 Vista"
Task: {441C61E7-4644-4732-8CEC-67DE1C0285FE} - System32\Tasks\{8CD4F4F9-DB4B-4972-B865-6B2CADC8B4FA} => pcalua.exe -a "C:\Windows\Jessicas Cupcake Cafe\uninstall.exe" -c "/U:C:\Program Files\Jessicas Cupcake Cafe\Uninstall\uninstall.xml"
Task: {461BFCC6-51C2-42DF-8DDD-40AE7DBA9776} - System32\Tasks\{5458CDDD-AADD-4FD5-8972-CF7E9FADE59C} => pcalua.exe -a "C:\Users\mela\AppData\Local\Zylom Games\Delicious - Emilys Taste of Fame Deluxe\GameInstlr.exe" -c --uninstall UnInstall.log
Task: {49485FCA-07CF-41B5-B6C0-35086DFCF829} - \4596 -> No File <==== ATTENTION
Task: {4D9A8A32-6CC9-4E0E-9F17-5A9945E9FA87} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000UA => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {6AB58F80-7215-40DC-8B1D-99DF55949B91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {77644C4D-C51C-419E-BF44-B378B47BC298} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {83F68FAA-0B5D-4C9B-AE10-E4D104F40CFE} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2014-08-23] (Smadsoft)
Task: {A8DB4E51-C8F9-4948-8E90-B659349705B4} - System32\Tasks\{27560094-4770-4A85-B565-DC6379BACAB1} => pcalua.exe -a "D:\game\Electronic Arts\EADM\ProxyInstaller.exe" -d "D:\game\Electronic Arts\EADM"
Task: {AE441C0D-2718-4B77-88E8-318B47104629} - System32\Tasks\tK9B2zJ => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: {B035B6B1-C013-47D2-A3DE-3EBEC35EF23B} - System32\Tasks\{5C6181D1-9F62-4BFD-9315-5E8C241750A4} => pcalua.exe -a D:\Installer\JavaSetup6u18.exe -d D:\Installer
Task: {B973006E-B1D9-4120-B753-56181C4D07D6} - System32\Tasks\{574FA2A2-E286-4A06-9A27-23D4EADADE8C} => pcalua.exe -a D:\Installer\CS3.exe -d D:\Installer
Task: {BF0320AA-AF1B-48D9-9657-0F5C1F2320DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18] (Adobe Systems Incorporated)
Task: {C2C464FB-5BAE-4202-ADDA-E5D6486475EF} - System32\Tasks\{E95603DB-79E6-4256-922C-51F2F32DDFB0} => pcalua.exe -a "D:\game\Word Harmony Deluxe\SSInstaller.exe" -d "D:\game\Word Harmony Deluxe"
Task: {CC5667CC-7EBC-49C7-A29F-10792B133606} - System32\Tasks\f9XoDBRCX9eGL78fonona => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: {D983F7CA-B85E-42A4-AAB6-A7B8F1F95D41} - System32\Tasks\{5AA36576-64C2-423D-AC86-1C70FAD8A460} => pcalua.exe -a "D:\game\Monster Mash\Uninstal.exe" -d "D:\game\Monster Mash"
Task: {E54F0E7E-E8C9-4539-8A44-A9FC1FA95339} - System32\Tasks\{4B6F5CC1-DB0B-4E34-9452-3A500A25ACC6} => pcalua.exe -a C:\Users\mela\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {F721B174-0623-4028-B2D0-11993DB25798} - System32\Tasks\IegYhqYhslLIN39 => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: {FCF6C032-B44B-4CC4-B839-66D280E5AAA4} - System32\Tasks\{01FD3C6A-FB7D-440A-A7EE-97CB62FF3C3A} => pcalua.exe -a C:\Users\mela\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\4rYiNFWntPeteEt.job => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BoosterSystem.job => c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30}\8859622263903600648b.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000Core.job => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000UA.job => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ERu2xkbgoRU1qL9ZsHrn.job => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: C:\Windows\Tasks\f9XoDBRCX9eGL78fonona.job => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IegYhqYhslLIN39.job => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: C:\Windows\Tasks\tK9B2zJ.job => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\xAlIPKW2I.job => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-14 21:14 - 2009-02-10 23:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-12-09 18:18 - 2014-11-05 01:49 - 01019672 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-08-30 14:54 - 2015-08-30 14:54 - 00071168 _____ () c:\users\mela\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv23fcp.dll
2015-08-16 11:24 - 2015-08-06 03:49 - 00012800 _____ () C:\Users\mela\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-16 11:24 - 2015-08-06 03:49 - 00779776 _____ () C:\Users\mela\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-16 11:24 - 2015-08-06 03:49 - 00056320 _____ () C:\Users\mela\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-16 11:24 - 2015-08-06 03:49 - 00012288 _____ () C:\Users\mela\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-08-30 14:53 - 2015-08-30 14:53 - 00098816 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32api.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00110080 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\pywintypes27.dll
2015-08-30 14:53 - 2015-08-30 14:53 - 00364544 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\pythoncom27.dll
2015-08-30 14:53 - 2015-08-30 14:53 - 00045568 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_socket.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 01161216 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_ssl.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00320512 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32com.shell.shell.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00713216 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_hashlib.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 01176576 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._core_.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00806400 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._gdi_.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00816128 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._windows_.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 01067008 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._controls_.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00733184 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._misc_.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00682496 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\pysqlite2._sqlite.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00087552 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_ctypes.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00119808 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32file.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00108544 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32security.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00007168 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\hashobjs_ext.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00068096 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\usb_ext.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00167936 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32gui.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00018432 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32event.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00128512 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_elementtree.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00127488 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\pyexpat.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00013824 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\common.time34.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00036864 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_psutil_windows.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00038912 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32inet.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00011264 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32crypt.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00077312 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._html2.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00027136 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_multiprocessing.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00020480 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\_yappi.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00035840 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32process.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00686080 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\unicodedata.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00123392 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._wizard.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00024064 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32pipe.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00010240 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\select.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00025600 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32pdh.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00525640 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\windows._lib_cacheinvalidation.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00017408 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32profile.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00022528 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\win32ts.pyd
2015-08-30 14:53 - 2015-08-30 14:53 - 00078848 _____ () C:\Users\mela\AppData\Local\Temp\_MEI24042\wx._animate.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\mela:zylomtest
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVUA}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTR}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVO}
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\startupfolder: C:^Users^mela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download game of thrones season 5 Torrents - KickassTorrents.lnk => C:\Windows\pss\Download game of thrones season 5 Torrents - KickassTorrents.lnk.Startup
MSCONFIG\startupfolder: C:^Users^mela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download Running Man E241.150405.HDTV.H264.720p-WITH.mp4 Torrent - KickassTorrents.lnk => C:\Windows\pss\Download Running Man E241.150405.HDTV.H264.720p-WITH.mp4 Torrent - KickassTorrents.lnk.Startup
MSCONFIG\startupfolder: C:^Users^mela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: App => C:\Program Files\Rising\App.exe
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{899FA4E0-ECB9-47F0-A723-141EF4E24296}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{1ADF4578-5B42-4E4D-BDD2-B3D656993DE3}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [TCP Query User{E671D357-02F3-41FB-ACDD-F7EE936E32B0}D:\installer\spssinc\paswstatistics18\paswstat.exe] => (Allow) D:\installer\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{263645F3-FBFA-4BCE-98FB-23743B28D31F}D:\installer\spssinc\paswstatistics18\paswstat.exe] => (Allow) D:\installer\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{282AAB33-57DE-4B7D-9C90-A8B83F191255}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe
FirewallRules: [UDP Query User{70225A7F-8EEE-4198-AD1F-2BCD01BD9C2A}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe
FirewallRules: [TCP Query User{31CD8ED1-1BF5-4E5A-BD78-4936EF31707E}C:\program files\morun.net\stickerlite\sticker.exe] => (Allow) C:\program files\morun.net\stickerlite\sticker.exe
FirewallRules: [UDP Query User{739FB832-B052-4621-A170-90D2D347B726}C:\program files\morun.net\stickerlite\sticker.exe] => (Allow) C:\program files\morun.net\stickerlite\sticker.exe
FirewallRules: [{D8C946D4-9C8C-4C70-B33E-347CD58F1A87}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CC69F559-9DBA-423F-BF97-0722318E2E32}] => (Allow) LPort=2869
FirewallRules: [{CF62817D-7CAA-4765-98B7-8ADA8C413F60}] => (Allow) LPort=1900
FirewallRules: [{C268A769-10BE-454A-8986-B237307B9336}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{183B0C73-23AD-4E1A-81E9-BEF234E3F011}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{C78E3BBE-09AE-4C3F-846A-1DD357DCB1F3}] => (Allow) C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{94994146-58B3-44C7-BD0D-2FB216CFD312}] => (Allow) C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [TCP Query User{2DB19245-ED2C-4B1C-A43E-51261E72D0E3}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{C1EEDF8D-307A-4B47-8AE7-4A6138C3527B}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{52C69185-840E-4DA2-8C27-475825CA8F0C}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{733BE1B5-DB0F-4EAE-B399-CFC9D815CA1E}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{99003474-C396-4D00-9B88-482A73BE1098}C:\program files\stepmania 4\program\stepmania.exe] => (Allow) C:\program files\stepmania 4\program\stepmania.exe
FirewallRules: [UDP Query User{DEAECCC6-01E8-4AF4-94F5-24A13EE9A76E}C:\program files\stepmania 4\program\stepmania.exe] => (Allow) C:\program files\stepmania 4\program\stepmania.exe
FirewallRules: [{0E603676-7C4A-419C-8765-74ACB15197E6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{03CEE554-04E9-48DB-A984-23A3986199CA}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7E51D1D2-AE1C-4598-BA3F-662316A87AED}] => (Allow) C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8BA3835E-7145-4F3E-8921-5EFA4DCAD5AB}] => (Allow) C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{46FF5CEF-5003-45E4-9736-3012422FEDA6}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{8AA42D4C-D58F-45D7-BBCD-4E7B01EF2959}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [ShowTime-1] => (Allow) C:\Program Files\inGAME\ShowTime\Bin\Final_Release\Launcher.exe
FirewallRules: [{5C3D5026-7CE5-4D12-A6CB-731C2ED3AC04}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{1285CDF5-43CF-42A5-9F8C-771969F5FD76}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{860671F0-937B-4A37-8727-A93846250FC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{4EF482AD-7869-4FFA-AAE6-DAFFF084C61F}C:\program files\naver\line\line.exe] => (Allow) C:\program files\naver\line\line.exe
FirewallRules: [UDP Query User{08F381B7-9C6E-4043-8FC6-33A990F53E6F}C:\program files\naver\line\line.exe] => (Allow) C:\program files\naver\line\line.exe
FirewallRules: [TCP Query User{11572418-A3BB-4E5F-B2DE-53181C3C9A08}C:\users\mela\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mela\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4AF0E5D6-48F2-44CD-9943-3F4EFE8F400E}C:\users\mela\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mela\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{FDD31D03-82B3-4F16-8ACC-B8B2CF9D89E8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6E0D8EAA-14DB-40DA-873B-DBE85E9AEF1B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{13D950EF-958C-4929-940C-18ED477439D7}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF185C45-D8FD-413E-B9F3-A9D02E9B1252}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [TCP Query User{A224CC5D-9005-4131-AA55-913CFBB9068C}D:\simcity\simcity\simcity.exe] => (Block) D:\simcity\simcity\simcity.exe
FirewallRules: [UDP Query User{72F037DA-6683-43FD-9475-108081AC29C3}D:\simcity\simcity\simcity.exe] => (Block) D:\simcity\simcity\simcity.exe
FirewallRules: [{52E7D5DF-0976-4B6A-9AB5-09F8EF3F198C}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{33FDE36E-ACE3-4C64-9F90-12D62388EB19}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{F2F72129-DE9E-43A3-8DC6-D1CB0CFC4D76}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{C3216DBD-E140-43E7-8D22-EE893971A616}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{1EF9F235-A229-4AC6-8330-30053058A77A}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{7D5EC0F6-4002-4E62-8ED0-729FCBECD218}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8DC8E014-D510-4EF5-863E-8871EAFB0F95}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{F7BC1424-6E73-4F69-A0A4-8C8F47C92EB9}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{5E785919-73A2-4F39-9665-E2E43EAAD497}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{271C9427-7EAE-423E-8D43-758074FCB6E1}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{CAC4443A-EA32-40A1-8680-9440FA7CC771}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{4474392C-64B3-449B-B5BF-162C5A7BA3D3}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{30D0DA6D-242C-42B8-A9B1-873E5088C292}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8ACA9A44-23F9-4BD4-8029-74518F924A26}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{51BF9BE5-8CC6-40E5-9D77-954FA9451A14}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{FC851951-05DF-44FD-990C-3245DABC727A}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3653BAD5-FCC6-43CE-9DC0-4830FB1BFC5F}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A030E66F-73F6-477A-AC23-2B0B3DAC46BC}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{4E5044F6-E0C7-47EE-8C4E-531674675960}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{6881BBC2-2317-4699-A91E-8419CA72090A}] => (Allow) C:\Users\TEMP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F399911-3AC1-40E4-A579-045D3162AC1D}] => (Allow) C:\Users\TEMP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{00340DCC-907D-4684-B57B-D62EE7C0AD6B}C:\users\mela\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B69F9D1D-421F-4288-871A-E716819550A4}C:\users\mela\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{8BAEF8E8-C58F-4557-9446-63B80FFBE8FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2015 02:51:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 29.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe4
 
Start Time: 01d0e2f83bca9eee
 
Termination Time: 11
 
Application Path: C:\Users\mela\Downloads\FRST.exe
 
Report Id: f07658ff-4eeb-11e5-8bae-0026229d531d
 
Error: (08/30/2015 01:59:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16ac
 
Start Time: 01d0e2f0f526bd9d
 
Termination Time: 0
 
Application Path: C:\Users\mela\Downloads\AdwCleaner.exe
 
Report Id: 98823095-4ee4-11e5-8bae-0026229d531d
 
Error: (08/28/2015 09:36:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00036b83
Faulting process id: 0xa70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (08/28/2015 09:56:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8d4
 
Start Time: 01d0e10ce26c96cd
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id:
 
Error: (08/26/2015 04:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.24.9931.5480, time stamp: 0x509418e4
Faulting module name: pyexpat.pyd, version: 0.0.0.0, time stamp: 0x54af1cf8
Exception code: 0xc0000005
Fault offset: 0x00011160
Faulting process id: 0xcf4
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
 
Error: (08/19/2015 07:08:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl6f95eeb7.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/03/2015 08:40:56 AM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 800700a4{70FD1301-1F6F-4BF7-8298-9660124B260C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (07/31/2015 11:18:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1780
 
Start Time: 01d0cb47297c7747
 
Termination Time: 31
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 2674780d-373b-11e5-ab52-0026229d531d
 
Error: (07/31/2015 11:12:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e58
 
Start Time: 01d0cb400ee8e31e
 
Termination Time: 343
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 35d2bcbb-373a-11e5-ab52-0026229d531d
 
Error: (07/29/2015 10:53:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: mela-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
 
System errors:
=============
Error: (08/30/2015 02:06:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/30/2015 02:06:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/30/2015 02:06:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 02:06:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Com4QLBEx service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 02:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/30/2015 02:05:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 02:05:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea ST Filters Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 02:05:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 02:05:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 01:14:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.205.947.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office:
=========================
Error: (03/05/2012 10:12:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3888 seconds with 1620 seconds of active time.  This session ended with a crash.
 
Error: (09/09/2011 11:00:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3705 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2011 10:40:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9222 seconds with 7560 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 1978.96 MB
Available physical RAM: 819.39 MB
Total Virtual: 3957.91 MB
Available Virtual: 2547.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.5 GB) (Free:11.23 GB) NTFS
Drive d: () (Fixed) (Total:174.29 GB) (Free:135.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 31A431A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by xXToffeeXx, 30 August 2015 - 03:39 AM.



#2 xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 30 August 2015 - 05:50 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" box and it is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now!

==========================
 
Hi agrias7,

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the Notepad document:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [No File]
FF Extension: Search Enginer - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\1437014152_xpi [2015-07-16]
U3 a4xd2idf; C:\Windows\system32\Drivers\a4xd2idf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 Adpaysgra-1; no ImagePath
C:\Windows\system32\Drivers\a4xd2idf.sys
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt
2012-06-24 12:55 - 2012-06-24 12:55 - 0000000 _____ () C:\Users\mela\AppData\Roaming\chrtmp
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\tK9B2zJ
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\xAlIPKW2I
2010-11-14 21:16 - 2011-12-30 10:13 - 0196096 _____ () C:\Users\mela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
Task: {06D6F5C8-F9EB-4C95-9C08-4BEADFDC4178} - System32\Tasks\4rYiNFWntPeteEt => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: {0962C482-70C0-41CA-80EC-CA07E1BC83C2} - System32\Tasks\{1D50AFD2-1969-46A0-9BC4-2AFF5F7686BB} => pcalua.exe -a D:\Installer\RocketDock\unins000.exe
Task: {0D07D78C-067D-45EF-B25B-8549659E91B5} - \BoosterSystem -> No File <==== ATTENTION
Task: {0EA05CDD-4379-420C-B1D1-97FEF6128006} - System32\Tasks\ERu2xkbgoRU1qL9ZsHrn => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: {22B277FA-C0E1-4344-8B54-E8457447C24A} - System32\Tasks\xAlIPKW2I => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
Task: {49485FCA-07CF-41B5-B6C0-35086DFCF829} - \4596 -> No File <==== ATTENTION
Task: {AE441C0D-2718-4B77-88E8-318B47104629} - System32\Tasks\tK9B2zJ => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: {CC5667CC-7EBC-49C7-A29F-10792B133606} - System32\Tasks\f9XoDBRCX9eGL78fonona => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: {F721B174-0623-4028-B2D0-11993DB25798} - System32\Tasks\IegYhqYhslLIN39 => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: {FCF6C032-B44B-4CC4-B839-66D280E5AAA4} - System32\Tasks\{01FD3C6A-FB7D-440A-A7EE-97CB62FF3C3A} => pcalua.exe -a C:\Users\mela\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: C:\Windows\Tasks\4rYiNFWntPeteEt.job => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: C:\Windows\Tasks\BoosterSystem.job => c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30}\8859622263903600648b.exe <==== ATTENTION
Task: C:\Windows\Tasks\ERu2xkbgoRU1qL9ZsHrn.job => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: C:\Windows\Tasks\f9XoDBRCX9eGL78fonona.job => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: C:\Windows\Tasks\IegYhqYhslLIN39.job => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: C:\Windows\Tasks\tK9B2zJ.job => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\xAlIPKW2I.job => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
AlternateDataStreams: C:\Users\mela:zylomtest
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVUA}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTR}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVO}
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
FirewallRules: [{52E7D5DF-0976-4B6A-9AB5-09F8EF3F198C}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{33FDE36E-ACE3-4C64-9F90-12D62388EB19}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{F2F72129-DE9E-43A3-8DC6-D1CB0CFC4D76}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{C3216DBD-E140-43E7-8D22-EE893971A616}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{1EF9F235-A229-4AC6-8330-30053058A77A}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{7D5EC0F6-4002-4E62-8ED0-729FCBECD218}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8DC8E014-D510-4EF5-863E-8871EAFB0F95}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{F7BC1424-6E73-4F69-A0A4-8C8F47C92EB9}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{5E785919-73A2-4F39-9665-E2E43EAAD497}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{271C9427-7EAE-423E-8D43-758074FCB6E1}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{CAC4443A-EA32-40A1-8680-9440FA7CC771}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{4474392C-64B3-449B-B5BF-162C5A7BA3D3}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{30D0DA6D-242C-42B8-A9B1-873E5088C292}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8ACA9A44-23F9-4BD4-8029-74518F924A26}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{51BF9BE5-8CC6-40E5-9D77-954FA9451A14}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{FC851951-05DF-44FD-990C-3245DABC727A}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3653BAD5-FCC6-43CE-9DC0-4830FB1BFC5F}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A030E66F-73F6-477A-AC23-2B0B3DAC46BC}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{4E5044F6-E0C7-47EE-8C4E-531674675960}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
C:\IQIYI Video
C:\program files\common files\tencent
C:\Users\mela\AppData\Roaming\IQIYI Video
C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe
D:\Installer\RocketDock
C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe
C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe
C:\Users\mela\AppData\Roaming\tK9B2zJ.exe
C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe
C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe
C:\Users\mela\AppData\Roaming\mystartsearch
C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe
c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30}
C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe
C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe
C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe
C:\Users\mela\AppData\Roaming\tK9B2zJ.exe
C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 agrias7

agrias7
  • Topic Starter

  • Members
  • 40 posts

Posted 30 August 2015 - 04:17 PM

Hi Toffee! Thanks for replying.

 

This is my fixlog.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:29-08-2015
Ran by mela (2015-08-31 04:05:58) Run:1
Running from C:\Users\mela\Downloads
Loaded Profiles: mela (Available Profiles: mela)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [No File]
FF Extension: Search Enginer - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\1437014152_xpi [2015-07-16]
U3 a4xd2idf; C:\Windows\system32\Drivers\a4xd2idf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 Adpaysgra-1; no ImagePath
C:\Windows\system32\Drivers\a4xd2idf.sys
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt
2012-06-24 12:55 - 2012-06-24 12:55 - 0000000 _____ () C:\Users\mela\AppData\Roaming\chrtmp
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39
2015-04-14 23:28 - 2015-04-14 23:28 - 0004387 _____ () C:\Users\mela\AppData\Roaming\tK9B2zJ
2015-04-19 19:20 - 2015-04-19 19:20 - 0005872 _____ () C:\Users\mela\AppData\Roaming\xAlIPKW2I
2010-11-14 21:16 - 2011-12-30 10:13 - 0196096 _____ () C:\Users\mela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
CustomCLSID: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
Task: {06D6F5C8-F9EB-4C95-9C08-4BEADFDC4178} - System32\Tasks\4rYiNFWntPeteEt => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: {0962C482-70C0-41CA-80EC-CA07E1BC83C2} - System32\Tasks\{1D50AFD2-1969-46A0-9BC4-2AFF5F7686BB} => pcalua.exe -a D:\Installer\RocketDock\unins000.exe
Task: {0D07D78C-067D-45EF-B25B-8549659E91B5} - \BoosterSystem -> No File <==== ATTENTION
Task: {0EA05CDD-4379-420C-B1D1-97FEF6128006} - System32\Tasks\ERu2xkbgoRU1qL9ZsHrn => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: {22B277FA-C0E1-4344-8B54-E8457447C24A} - System32\Tasks\xAlIPKW2I => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
Task: {49485FCA-07CF-41B5-B6C0-35086DFCF829} - \4596 -> No File <==== ATTENTION
Task: {AE441C0D-2718-4B77-88E8-318B47104629} - System32\Tasks\tK9B2zJ => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: {CC5667CC-7EBC-49C7-A29F-10792B133606} - System32\Tasks\f9XoDBRCX9eGL78fonona => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: {F721B174-0623-4028-B2D0-11993DB25798} - System32\Tasks\IegYhqYhslLIN39 => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: {FCF6C032-B44B-4CC4-B839-66D280E5AAA4} - System32\Tasks\{01FD3C6A-FB7D-440A-A7EE-97CB62FF3C3A} => pcalua.exe -a C:\Users\mela\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: C:\Windows\Tasks\4rYiNFWntPeteEt.job => C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe <==== ATTENTION
Task: C:\Windows\Tasks\BoosterSystem.job => c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30}\8859622263903600648b.exe <==== ATTENTION
Task: C:\Windows\Tasks\ERu2xkbgoRU1qL9ZsHrn.job => C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe <==== ATTENTION
Task: C:\Windows\Tasks\f9XoDBRCX9eGL78fonona.job => C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe <==== ATTENTION
Task: C:\Windows\Tasks\IegYhqYhslLIN39.job => C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe <==== ATTENTION
Task: C:\Windows\Tasks\tK9B2zJ.job => C:\Users\mela\AppData\Roaming\tK9B2zJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\xAlIPKW2I.job => C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe <==== ATTENTION
AlternateDataStreams: C:\Users\mela:zylomtest
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVUA}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTR}
AlternateDataStreams: C:\Users\mela:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVO}
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
FirewallRules: [{52E7D5DF-0976-4B6A-9AB5-09F8EF3F198C}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{33FDE36E-ACE3-4C64-9F90-12D62388EB19}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{F2F72129-DE9E-43A3-8DC6-D1CB0CFC4D76}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{C3216DBD-E140-43E7-8D22-EE893971A616}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{1EF9F235-A229-4AC6-8330-30053058A77A}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{7D5EC0F6-4002-4E62-8ED0-729FCBECD218}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8DC8E014-D510-4EF5-863E-8871EAFB0F95}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{F7BC1424-6E73-4F69-A0A4-8C8F47C92EB9}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{5E785919-73A2-4F39-9665-E2E43EAAD497}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{271C9427-7EAE-423E-8D43-758074FCB6E1}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{CAC4443A-EA32-40A1-8680-9440FA7CC771}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{4474392C-64B3-449B-B5BF-162C5A7BA3D3}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{30D0DA6D-242C-42B8-A9B1-873E5088C292}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8ACA9A44-23F9-4BD4-8029-74518F924A26}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{51BF9BE5-8CC6-40E5-9D77-954FA9451A14}] => (Allow) C:\Users\mela\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{FC851951-05DF-44FD-990C-3245DABC727A}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{3653BAD5-FCC6-43CE-9DC0-4830FB1BFC5F}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{A030E66F-73F6-477A-AC23-2B0B3DAC46BC}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{4E5044F6-E0C7-47EE-8C4E-531674675960}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
C:\IQIYI Video
C:\program files\common files\tencent
C:\Users\mela\AppData\Roaming\IQIYI Video
C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe
D:\Installer\RocketDock
C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe
C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe
C:\Users\mela\AppData\Roaming\tK9B2zJ.exe
C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe
C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe
C:\Users\mela\AppData\Roaming\mystartsearch
C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe
c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30}
C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe
C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe
C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe
C:\Users\mela\AppData\Roaming\tK9B2zJ.exe
C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe
*****************
 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer" => key removed successfully.
C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\1437014152_xpi => moved successfully
a4xd2idf => service not found.
Adpaysgra-1 => service removed successfully.
"C:\Windows\system32\Drivers\a4xd2idf.sys" => File/Folder not found.
C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt => moved successfully
C:\Users\mela\AppData\Roaming\chrtmp => moved successfully
C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn => moved successfully
C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona => moved successfully
C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39 => moved successfully
C:\Users\mela\AppData\Roaming\tK9B2zJ => moved successfully
C:\Users\mela\AppData\Roaming\xAlIPKW2I => moved successfully
C:\Users\mela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully.
"HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}" => key removed successfully.
"HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}" => key removed successfully.
"HKU\S-1-5-21-1128418022-1035736187-3581221965-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06D6F5C8-F9EB-4C95-9C08-4BEADFDC4178}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D6F5C8-F9EB-4C95-9C08-4BEADFDC4178}" => key removed successfully.
C:\Windows\System32\Tasks\4rYiNFWntPeteEt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4rYiNFWntPeteEt" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0962C482-70C0-41CA-80EC-CA07E1BC83C2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0962C482-70C0-41CA-80EC-CA07E1BC83C2}" => key removed successfully.
C:\Windows\System32\Tasks\{1D50AFD2-1969-46A0-9BC4-2AFF5F7686BB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D50AFD2-1969-46A0-9BC4-2AFF5F7686BB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D07D78C-067D-45EF-B25B-8549659E91B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D07D78C-067D-45EF-B25B-8549659E91B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BoosterSystem" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EA05CDD-4379-420C-B1D1-97FEF6128006}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EA05CDD-4379-420C-B1D1-97FEF6128006}" => key removed successfully.
C:\Windows\System32\Tasks\ERu2xkbgoRU1qL9ZsHrn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ERu2xkbgoRU1qL9ZsHrn" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22B277FA-C0E1-4344-8B54-E8457447C24A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22B277FA-C0E1-4344-8B54-E8457447C24A}" => key removed successfully.
C:\Windows\System32\Tasks\xAlIPKW2I => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\xAlIPKW2I" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49485FCA-07CF-41B5-B6C0-35086DFCF829}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49485FCA-07CF-41B5-B6C0-35086DFCF829}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4596 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE441C0D-2718-4B77-88E8-318B47104629}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE441C0D-2718-4B77-88E8-318B47104629}" => key removed successfully.
C:\Windows\System32\Tasks\tK9B2zJ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tK9B2zJ" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC5667CC-7EBC-49C7-A29F-10792B133606}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC5667CC-7EBC-49C7-A29F-10792B133606}" => key removed successfully.
C:\Windows\System32\Tasks\f9XoDBRCX9eGL78fonona => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f9XoDBRCX9eGL78fonona" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F721B174-0623-4028-B2D0-11993DB25798}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F721B174-0623-4028-B2D0-11993DB25798}" => key removed successfully.
C:\Windows\System32\Tasks\IegYhqYhslLIN39 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IegYhqYhslLIN39" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCF6C032-B44B-4CC4-B839-66D280E5AAA4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF6C032-B44B-4CC4-B839-66D280E5AAA4}" => key removed successfully.
C:\Windows\System32\Tasks\{01FD3C6A-FB7D-440A-A7EE-97CB62FF3C3A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01FD3C6A-FB7D-440A-A7EE-97CB62FF3C3A}" => key removed successfully.
C:\Windows\Tasks\4rYiNFWntPeteEt.job => moved successfully
C:\Windows\Tasks\BoosterSystem.job => moved successfully
C:\Windows\Tasks\ERu2xkbgoRU1qL9ZsHrn.job => moved successfully
C:\Windows\Tasks\f9XoDBRCX9eGL78fonona.job => moved successfully
C:\Windows\Tasks\IegYhqYhslLIN39.job => moved successfully
C:\Windows\Tasks\tK9B2zJ.job => moved successfully
C:\Windows\Tasks\xAlIPKW2I.job => moved successfully
C:\Users\mela => ":zylomtest" ADS removed successfully..
C:\Users\mela => ":zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVUA}" ADS removed successfully..
C:\Users\mela => ":zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTR}" ADS removed successfully..
C:\Users\mela => ":zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVO}" ADS removed successfully..
C:\ProgramData\TEMP => ":8E5EA40F" ADS removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52E7D5DF-0976-4B6A-9AB5-09F8EF3F198C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33FDE36E-ACE3-4C64-9F90-12D62388EB19} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2F72129-DE9E-43A3-8DC6-D1CB0CFC4D76} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3216DBD-E140-43E7-8D22-EE893971A616} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EF9F235-A229-4AC6-8330-30053058A77A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D5EC0F6-4002-4E62-8ED0-729FCBECD218} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DC8E014-D510-4EF5-863E-8871EAFB0F95} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7BC1424-6E73-4F69-A0A4-8C8F47C92EB9} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E785919-73A2-4F39-9665-E2E43EAAD497} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{271C9427-7EAE-423E-8D43-758074FCB6E1} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAC4443A-EA32-40A1-8680-9440FA7CC771} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4474392C-64B3-449B-B5BF-162C5A7BA3D3} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30D0DA6D-242C-42B8-A9B1-873E5088C292} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8ACA9A44-23F9-4BD4-8029-74518F924A26} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51BF9BE5-8CC6-40E5-9D77-954FA9451A14} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC851951-05DF-44FD-990C-3245DABC727A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3653BAD5-FCC6-43CE-9DC0-4830FB1BFC5F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A030E66F-73F6-477A-AC23-2B0B3DAC46BC} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E5044F6-E0C7-47EE-8C4E-531674675960} => value removed successfully.
"C:\IQIYI Video" => File/Folder not found.
"C:\program files\common files\tencent" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\IQIYI Video" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe" => File/Folder not found.
D:\Installer\RocketDock => moved successfully
"C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\tK9B2zJ.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\mystartsearch" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.exe" => File/Folder not found.
c:\programdata\{316a2e8c-37ce-1833-316a-a2e8c37cba30} => moved successfully
"C:\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\IegYhqYhslLIN39.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\tK9B2zJ.exe" => File/Folder not found.
"C:\Users\mela\AppData\Roaming\xAlIPKW2I.exe" => File/Folder not found.
 
==== End of Fixlog 04:06:01 ====
 
And this is my logfile from AdwCleaner. I don't see any folder I want to keep.
 
# AdwCleaner v5.004 - Logfile created 31/08/2015 at 04:09:24
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x86)
# Username : mela - MELA-PC
# Running from : C:\Users\mela\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\{a0c7ffba-2d85-1348-a0c7-7ffba2d8fee8}
Folder Found : C:\ProgramData\{be0bd413-f1d0-8196-be0b-bd413f1d504f}
 
***** [ Files ] *****
 
File Found : C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [1294 bytes] ##########
 


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 31 August 2015 - 05:26 AM

Hi agrias7,
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~




#5 agrias7

agrias7
  • Topic Starter

  • Members
  • 40 posts

Posted 31 August 2015 - 05:58 AM

-- this is my AdwCleaner logfile report --

# AdwCleaner v5.004 - Logfile created 31/08/2015 at 17:43:58
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x86)
# Username : mela - MELA-PC
# Running from : C:\Users\mela\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\{a0c7ffba-2d85-1348-a0c7-7ffba2d8fee8}
[-] Folder Deleted : C:\ProgramData\{be0bd413-f1d0-8196-be0b-bd413f1d504f}
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C14].txt - [1400 bytes] ##########
 
-- this is my FRST --
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-08-2015
Ran by mela (administrator) on MELA-PC (31-08-2015 17:48:17)
Running from C:\Users\mela\Downloads
Loaded Profiles: mela (Available Profiles: mela)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Smadsoft) C:\Program Files\Smadav\SMΔRTP.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Fabio Martin) D:\Installer\7 Sticky Notes\7StickyNotes.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2008-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [RocketDock] => "D:\Installer\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [Dropbox Update] => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2010-11-28]
ShortcutTarget: 7 Sticky Notes.lnk -> D:\Installer\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-11-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5944DD7F-2E5A-4971-980B-7B024B9D0E4E}: [DhcpNameServer] 8.8.8.8 8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default
FF DefaultSearchUrl: hxxps://id.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1438128716&z=39f4dd738df4b7673196352g5z3cdb8gcobbbq9q7c&from=cmi&uid=SAMSUNGXHM250HI_S1YQJD9S905498
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1128418022-1035736187-3581221965-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF SearchPlugin: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\searchplugins\yahoo-avast.xml [2015-06-26]
FF Extension: Adblock Plus - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-04]
 
Chrome: 
=======
CHR Profile: C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-26]
CHR Extension: (Adblock Pro) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-08-16]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mela\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-09]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-10-01] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [577816 2014-11-05] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2010-11-14] (Broadcom Corporation)
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2014-10-07] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-06] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [85816 2014-10-07] (Wacom Technology)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-10-07] (Wacom Technology)
U3 a2t4omdb; C:\Windows\system32\Drivers\a2t4omdb.sys [0 ] (JMicron Technology Corporation) <==== ATTENTION (zero byte File/Folder)
S3 qcusbserialser; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 04:08 - 2015-08-31 04:08 - 00000930 _____ C:\Users\mela\Desktop\NEXT STEP.txt
2015-08-31 04:03 - 2015-08-31 04:06 - 01618432 _____ C:\Users\mela\Downloads\AdwCleaner.exe
2015-08-30 14:58 - 2015-08-30 14:59 - 00049798 _____ C:\Users\mela\Downloads\Addition.txt
2015-08-30 14:48 - 2015-08-31 17:49 - 00016826 _____ C:\Users\mela\Downloads\FRST.txt
2015-08-30 14:48 - 2015-08-31 17:48 - 00000000 ____D C:\FRST
2015-08-30 14:36 - 2015-08-30 14:36 - 01690624 _____ (Farbar) C:\Users\mela\Downloads\FRST.exe
2015-08-30 13:55 - 2015-08-30 13:55 - 01798640 _____ (Malwarebytes Corporation) C:\Users\mela\Downloads\JRT.exe
2015-08-29 07:47 - 2015-08-30 13:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 07:47 - 2015-08-29 07:47 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-29 07:42 - 2015-08-29 07:45 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mela\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-28 08:23 - 2015-08-28 08:23 - 00093758 _____ C:\Users\mela\Downloads\template 7.xml
2015-08-27 09:32 - 2015-06-15 16:43 - 00053224 _____ C:\Users\mela\Downloads\Dear Annabelle.otf
2015-08-27 08:37 - 2015-08-27 08:37 - 00091208 _____ C:\Users\mela\Downloads\template 6 with lightbox.xml
2015-08-27 04:04 - 2015-08-27 04:04 - 00089604 _____ C:\Users\mela\Downloads\template 5 gambar di post auto resize.xml
2015-08-26 21:26 - 2015-08-26 21:26 - 00086184 _____ C:\Users\mela\Downloads\template 4 widht sudah agak lebar tapi masih ada sisa dari widget.xml
2015-08-26 21:12 - 2015-08-26 21:12 - 00086270 _____ C:\Users\mela\Downloads\template 3.xml
2015-08-26 18:09 - 2015-08-26 18:09 - 00087958 _____ C:\Users\mela\Downloads\template sederhana.xml
2015-08-19 10:50 - 2015-08-19 10:50 - 00000000 ____D C:\Users\mela\AppData\Roaming\IDM
2015-08-19 10:39 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-08-19 10:38 - 2015-08-26 11:56 - 00000000 ____D C:\Users\mela\Downloads\1dm4n621build18
2015-08-19 07:08 - 2015-08-11 07:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 07:08 - 2015-08-11 07:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-16 11:26 - 2015-08-16 11:26 - 00000000 ____D C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 21:22 - 2015-07-30 20:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 21:09 - 2015-07-21 07:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 21:09 - 2015-07-17 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 21:09 - 2015-07-17 02:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 21:09 - 2015-07-17 02:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 21:09 - 2015-07-17 02:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 21:09 - 2015-07-17 02:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 21:09 - 2015-07-17 02:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 21:09 - 2015-07-17 02:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 21:09 - 2015-07-17 02:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 21:09 - 2015-07-17 02:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 21:09 - 2015-07-17 02:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 21:09 - 2015-07-17 02:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 21:09 - 2015-07-17 02:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 21:09 - 2015-07-17 02:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 21:09 - 2015-07-17 02:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 21:09 - 2015-07-17 02:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 21:09 - 2015-07-17 02:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 21:09 - 2015-07-17 02:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 21:09 - 2015-07-17 02:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 21:09 - 2015-07-17 01:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 21:09 - 2015-07-17 01:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 21:09 - 2015-07-17 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 21:06 - 2015-07-29 03:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 21:06 - 2015-07-29 03:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 21:06 - 2015-07-29 02:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 21:05 - 2015-07-16 00:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 21:05 - 2015-07-16 00:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 21:05 - 2015-07-16 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 21:05 - 2015-07-16 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 21:05 - 2015-07-16 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 21:05 - 2015-07-15 23:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 21:05 - 2015-07-11 00:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 21:05 - 2015-07-11 00:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 21:05 - 2015-07-11 00:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:05 - 2015-07-02 03:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:05 - 2015-07-02 03:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 21:04 - 2015-07-30 23:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:04 - 2015-07-30 23:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:59 - 2015-07-11 00:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:58 - 2015-05-10 01:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-08 07:07 - 2015-08-08 07:07 - 00000000 ____D C:\Users\mela\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 17:49 - 2010-11-14 17:44 - 01836101 _____ C:\Windows\WindowsUpdate.log
2015-08-31 17:46 - 2014-10-11 14:14 - 00000000 ___RD C:\Users\mela\Google Drive
2015-08-31 17:46 - 2011-10-08 11:17 - 00000000 ___RD C:\Users\mela\Dropbox
2015-08-31 17:46 - 2011-10-08 11:14 - 00000000 ____D C:\Users\mela\AppData\Roaming\Dropbox
2015-08-31 17:46 - 2010-11-14 21:45 - 00000000 ____D C:\Users\mela\AppData\Roaming\7 Sticky Notes
2015-08-31 17:45 - 2015-07-13 09:55 - 00006037 _____ C:\Windows\setupact.log
2015-08-31 17:45 - 2015-06-26 10:00 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 17:45 - 2012-06-04 10:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-31 17:45 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 17:43 - 2015-04-21 10:37 - 00000000 ____D C:\AdwCleaner
2015-08-31 17:39 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 17:39 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 16:05 - 2012-04-14 09:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 15:31 - 2015-06-20 08:20 - 00001060 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000UA.job
2015-08-31 15:17 - 2015-06-26 10:00 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 14:06 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
2015-08-30 14:05 - 2015-01-22 05:59 - 00000000 ____D C:\Users\mela\AppData\Roaming\uTorrent
2015-08-30 13:34 - 2013-06-23 21:12 - 00000000 ____D C:\Windows\pss
2015-08-30 12:59 - 2010-11-14 18:25 - 00207240 _____ C:\Windows\PFRO.log
2015-08-29 10:53 - 2011-05-08 07:55 - 00000000 ____D C:\Users\mela\Downloads\Compressed
2015-08-29 06:31 - 2015-06-20 08:20 - 00001008 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000Core.job
2015-08-28 04:10 - 2009-07-14 11:33 - 00530960 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-27 09:50 - 2010-11-14 18:41 - 00171320 _____ C:\Users\mela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 11:39 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Globalization
2015-08-23 12:09 - 2015-06-26 10:17 - 00002119 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-19 11:59 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2015-08-18 05:06 - 2012-04-14 09:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-18 05:06 - 2011-08-24 07:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-17 04:17 - 2014-10-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-16 11:54 - 2015-06-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 11:54 - 2013-06-12 08:40 - 00000824 _____ C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-08-16 11:33 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-16 11:10 - 2014-12-11 09:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-16 11:10 - 2014-05-06 18:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 21:42 - 2012-09-24 10:15 - 00000039 _____ C:\Windows\vbaddin.ini
2015-08-12 21:42 - 2010-11-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 21:35 - 2013-08-15 09:31 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:28 - 2010-12-24 12:13 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 04:08 - 2012-05-26 16:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-05 08:09 - 2013-02-10 16:49 - 00000000 ____D C:\ProgramData\CanonIJ
 
==================== Files in the root of some directories =======
 
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\AtStart.txt
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\DSwitch.txt
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\QSwitch.txt
2015-04-21 10:34 - 2015-04-21 10:34 - 0011248 _____ () C:\Users\mela\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\mela\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaivbnt.dll
C:\Users\mela\AppData\Local\Temp\ooswy.cmd.exe
C:\Users\mela\AppData\Local\Temp\ose00000.exe
C:\Users\mela\AppData\Local\Temp\Quarantine.exe
C:\Users\mela\AppData\Local\Temp\set561B.tmp.exe
C:\Users\mela\AppData\Local\Temp\Sims3Launcher.ex_.exe
C:\Users\mela\AppData\Local\Temp\sqlite3.dll
C:\Users\mela\AppData\Local\Temp\VP6Install.exe
C:\Users\mela\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-04-16 17:57] - [2015-07-22 07:24] - 0270336 ____A (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-19 11:30
 
==================== End of FRST.txt ============================


#6 xXToffeeXx
    Bleepin' Polar Bear
  • Malware Response Instructor
  • 6,041 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 31 August 2015 - 07:56 AM

Hi agrias7,
 
Do you have a USB?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#7 agrias7
  • Topic Starter
  • Members
  • 40 posts

Posted 31 August 2015 - 09:46 PM

Yes, I do.



#8 xXToffeeXx
    Bleepin' Polar Bear
  • Malware Response Instructor
  • 6,041 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 01 September 2015 - 05:14 AM

Hi agrias7,
 
FRST Scan from RECOVERY Environment on Vista, 7, and 8:
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. Please download the 64-bit version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7, consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 
 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========
 
On the System Recovery Options menu you will get the following options:
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
Select Command Prompt
 
==========
 
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

xXToffeeXx~




#9 agrias7
  • Topic Starter
  • Members
  • 40 posts

Posted 01 September 2015 - 09:49 PM

Hi, Toffee... my system is 32-bit, so I downloaded the 32-bit version.

 

This is my log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by SYSTEM on MININT-GQ0E0QJ (02-09-2015 09:42:41)
Running from g:\
Platform: Windows 7 Home Basic (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2008-01-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-22] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\mela\...\Run: [RocketDock] => "D:\Installer\RocketDock\RocketDock.exe"
HKU\mela\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\mela\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\mela\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\mela\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-28] (Google)
HKU\mela\...\Run: [Dropbox Update] => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2010-11-28]
ShortcutTarget: 7 Sticky Notes.lnk -> D:\Installer\7 Sticky Notes\7StickyNotes.exe (No File)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-10]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-11-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-29] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-22] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [577816 2014-11-04] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2010-11-14] (Broadcom Corporation)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2014-10-06] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-17] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-05] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-20] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-20] (MCCI Corporation)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [85816 2014-10-06] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-10-06] (Wacom Technology)
S3 qcusbserialser; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 13:08 - 2015-08-30 13:08 - 00000930 _____ C:\Users\mela\Desktop\NEXT STEP.txt
2015-08-30 13:03 - 2015-08-30 13:06 - 01618432 _____ C:\Users\mela\Downloads\AdwCleaner.exe
2015-08-29 23:58 - 2015-08-31 02:51 - 00045673 _____ C:\Users\mela\Downloads\Addition.txt
2015-08-29 23:48 - 2015-09-02 09:42 - 00000000 ____D C:\FRST
2015-08-29 23:48 - 2015-08-31 02:51 - 00038239 _____ C:\Users\mela\Downloads\FRST.txt
2015-08-29 23:36 - 2015-09-01 18:38 - 01690624 _____ (Farbar) C:\Users\mela\Downloads\FRST.exe
2015-08-29 22:55 - 2015-08-29 22:55 - 01798640 _____ (Malwarebytes Corporation) C:\Users\mela\Downloads\JRT.exe
2015-08-28 16:47 - 2015-08-29 22:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-08-28 16:47 - 2015-08-28 16:47 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-28 16:47 - 2015-08-28 16:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-28 16:47 - 2015-06-17 17:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-08-28 16:47 - 2015-06-17 17:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-08-28 16:47 - 2015-06-17 17:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-08-28 16:42 - 2015-08-28 16:45 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mela\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-26 18:32 - 2015-06-15 01:43 - 00053224 _____ C:\Users\mela\Downloads\Dear Annabelle.otf
2015-08-18 19:50 - 2015-08-18 19:50 - 00000000 ____D C:\Users\mela\AppData\Roaming\IDM
2015-08-18 19:39 - 2015-08-18 19:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-08-18 19:38 - 2015-08-25 20:56 - 00000000 ____D C:\Users\mela\Downloads\1dm4n621build18
2015-08-18 16:08 - 2015-08-10 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-08-18 16:08 - 2015-08-10 16:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-08-12 06:22 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 06:09 - 2015-07-20 16:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-08-12 06:09 - 2015-07-16 12:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-08-12 06:09 - 2015-07-16 11:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-08-12 06:09 - 2015-07-16 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-08-12 06:09 - 2015-07-16 11:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-08-12 06:09 - 2015-07-16 11:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-08-12 06:09 - 2015-07-16 11:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-08-12 06:09 - 2015-07-16 11:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-08-12 06:09 - 2015-07-16 11:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-08-12 06:09 - 2015-07-16 11:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-08-12 06:09 - 2015-07-16 11:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-08-12 06:09 - 2015-07-16 11:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-08-12 06:09 - 2015-07-16 11:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-08-12 06:09 - 2015-07-16 11:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-08-12 06:09 - 2015-07-16 11:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-08-12 06:09 - 2015-07-16 11:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-12 06:09 - 2015-07-16 11:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-08-12 06:09 - 2015-07-16 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-12 06:09 - 2015-07-16 11:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-08-12 06:09 - 2015-07-16 11:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-08-12 06:09 - 2015-07-16 11:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-08-12 06:09 - 2015-07-16 11:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-08-12 06:09 - 2015-07-16 11:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-08-12 06:09 - 2015-07-16 11:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-08-12 06:09 - 2015-07-16 11:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-08-12 06:09 - 2015-07-16 11:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-08-12 06:09 - 2015-07-16 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-08-12 06:09 - 2015-07-16 10:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-08-12 06:09 - 2015-07-16 10:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-08-12 06:09 - 2015-07-16 10:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-08-12 06:06 - 2015-07-28 12:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-08-12 06:06 - 2015-07-28 12:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-08-12 06:06 - 2015-07-28 12:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-08-12 06:06 - 2015-07-28 12:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-08-12 06:06 - 2015-07-28 12:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-08-12 06:06 - 2015-07-28 12:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-08-12 06:06 - 2015-07-28 12:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-08-12 06:06 - 2015-07-28 11:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-08-12 06:05 - 2015-07-20 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-08-12 06:05 - 2015-07-20 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-08-12 06:05 - 2015-07-20 09:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-08-12 06:05 - 2015-07-15 09:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2015-08-12 06:05 - 2015-07-15 09:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-08-12 06:05 - 2015-07-15 09:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-08-12 06:05 - 2015-07-15 09:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-08-12 06:05 - 2015-07-15 09:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-08-12 06:05 - 2015-07-15 09:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-08-12 06:05 - 2015-07-15 09:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-08-12 06:05 - 2015-07-15 09:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-08-12 06:05 - 2015-07-15 09:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-08-12 06:05 - 2015-07-15 09:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-08-12 06:05 - 2015-07-15 09:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-08-12 06:05 - 2015-07-15 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-08-12 06:05 - 2015-07-15 09:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-08-12 06:05 - 2015-07-15 09:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-08-12 06:05 - 2015-07-15 09:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-08-12 06:05 - 2015-07-15 09:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-08-12 06:05 - 2015-07-15 08:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-08-12 06:05 - 2015-07-15 08:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-08-12 06:05 - 2015-07-15 08:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-08-12 06:05 - 2015-07-10 09:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-12 06:05 - 2015-07-10 09:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-08-12 06:05 - 2015-07-10 09:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2015-08-12 06:05 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-12 06:05 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 06:05 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-12 06:05 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-08-12 06:04 - 2015-07-30 09:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-08-12 06:04 - 2015-07-30 08:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-08-12 06:04 - 2015-07-30 08:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-08-12 05:59 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-12 05:58 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-08-12 05:58 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-08-12 05:58 - 2015-07-14 18:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-08-12 05:58 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-08-12 05:58 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-08-12 05:58 - 2015-05-09 10:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-07 16:07 - 2015-08-07 16:07 - 00000000 ____D C:\Users\mela\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 18:41 - 2010-11-14 06:45 - 00000000 ____D C:\Users\mela\AppData\Roaming\7 Sticky Notes
2015-09-01 18:41 - 2010-11-14 02:44 - 01986898 _____ C:\Windows\WindowsUpdate.log
2015-09-01 18:41 - 2009-07-13 20:34 - 00021392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 18:41 - 2009-07-13 20:34 - 00021392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 18:38 - 2011-10-07 20:17 - 00000000 ___RD C:\Users\mela\Dropbox
2015-09-01 18:38 - 2011-10-07 20:14 - 00000000 ____D C:\Users\mela\AppData\Roaming\Dropbox
2015-09-01 18:37 - 2014-10-10 23:14 - 00000000 ___RD C:\Users\mela\Google Drive
2015-09-01 18:34 - 2015-07-12 18:55 - 00006373 _____ C:\Windows\setupact.log
2015-09-01 18:34 - 2012-06-03 19:52 - 00000374 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2015-09-01 14:56 - 2010-11-14 02:51 - 00782510 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-01 00:01 - 2012-05-26 01:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-31 02:43 - 2015-04-20 19:37 - 00000000 ____D C:\AdwCleaner
2015-08-29 23:06 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2015-08-29 23:05 - 2015-01-21 14:59 - 00000000 ____D C:\Users\mela\AppData\Roaming\uTorrent
2015-08-29 22:34 - 2013-06-23 06:12 - 00000000 ____D C:\Windows\pss
2015-08-29 21:59 - 2010-11-14 03:25 - 00207240 _____ C:\Windows\PFRO.log
2015-08-28 19:53 - 2011-05-07 16:55 - 00000000 ____D C:\Users\mela\Downloads\Compressed
2015-08-27 13:10 - 2009-07-13 20:33 - 00530960 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-26 18:50 - 2010-11-14 03:41 - 00171320 _____ C:\Users\mela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-25 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Globalization
2015-08-22 21:09 - 2015-06-25 19:17 - 00002119 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 20:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2015-08-17 14:06 - 2012-04-13 18:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-08-17 14:06 - 2011-08-23 16:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-08-15 20:33 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-15 20:10 - 2014-12-10 18:34 - 00000000 ____D C:\Windows\System32\appraiser
2015-08-15 20:10 - 2014-05-06 03:16 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-08-12 06:42 - 2012-09-23 19:15 - 00000039 _____ C:\Windows\vbaddin.ini
2015-08-12 06:42 - 2010-11-14 03:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 06:40 - 2010-12-08 20:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 06:35 - 2013-08-14 18:31 - 00000000 ____D C:\Windows\System32\MRT
2015-08-12 06:28 - 2010-12-23 21:13 - 129304528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-08-04 17:09 - 2013-02-10 01:49 - 00000000 ____D C:\ProgramData\CanonIJ
 
Some files in TEMP:
====================
C:\Users\mela\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1l3kkt.dll
C:\Users\mela\AppData\Local\Temp\ooswy.cmd.exe
C:\Users\mela\AppData\Local\Temp\ose00000.exe
C:\Users\mela\AppData\Local\Temp\Quarantine.exe
C:\Users\mela\AppData\Local\Temp\set561B.tmp.exe
C:\Users\mela\AppData\Local\Temp\Sims3Launcher.ex_.exe
C:\Users\mela\AppData\Local\Temp\sqlite3.dll
C:\Users\mela\AppData\Local\Temp\VP6Install.exe
C:\Users\mela\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-13 23:34] - [2015-04-12 19:19] - 0259072 ____A (Microsoft Corporation) 0780A42DBD7D9969F9BF4A19AA4285B5
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2011-04-16 02:57] - [2015-07-21 16:24] - 0270336 ____A (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point date: 2015-08-29 23:05:35
Restore point date: 2015-08-30 00:05:50
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 1978.96 MB
Available physical RAM: 1533.43 MB
Total Virtual: 1978.96 MB
Available Virtual: 1537.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.5 GB) (Free:10.53 GB) NTFS
Drive e: () (Fixed) (Total:174.29 GB) (Free:134.96 GB) NTFS
Drive g: (6103008038) (Removable) (Total:7.23 GB) (Free:7.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 31A431A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)
 
 
LastRegBack: 2015-08-18 20:30
 
==================== End of FRST.txt ============================


#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:28 AM

Posted 04 September 2015 - 04:30 AM

Hi agrias7,
 
Feel free to boot back into normal mode.

  • Press windows key on the keyboard and then type cmd into the search programs and files box.
  • Right-click on cmd.exe and then select Run as Administrator.
  • A command prompt will open, type the contents of the codebox below into the command prompt and press enter:
sfc /scannow
  • It will say whether it could fix corrupted files or not.

--------------
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~

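The a2scan log requested above has a simple line format (the reply that follows shows it in full): one "<object>  detected: <family> (A)" line per finding, where the object is "Key: HKEY_...", "Value: HKEY_... -> NAME" or a bare file path and the tag is (A) or (B) for the two scan engines; then "Found N"; then one "<object> Quarantined <family> (A)" line per action and "Quarantined N". With over a hundred entries it is easy to miss the one that was detected but never quarantined, or to treat a policy change (a Setting.* hit) as if it were just another dropped file. The script below is an added example written for this thread, not Emsisoft's code and not something the helper posted; the log excerpt inside it is constructed in the shape of the log on this page, and the regexes tolerate the "( B)" spelling that the forum rendering produced.

```python
"""Reconcile an Emsisoft Emergency Kit (a2scan) log: detections vs. quarantine actions.

Added example for this thread; not part of Emsisoft's tooling. The line shapes are
taken from the log posted in the thread; the sample log at the bottom is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One line per finding:  <object>  detected: <family> (A)
# One line per action:   <object> Quarantined <family> (A)
# <object> is "Key: HKEY_...", "Value: HKEY_... -> NAME" or a bare file path.
# The engine tag is "(A)" or "(B)"; the forum rendered several as "( B)", so
# optional whitespace inside the parentheses is tolerated.
DETECTED_RE = re.compile(
    r"^(?P<obj>.+?)\s+detected:\s+(?P<family>.+?)\s+\(\s*(?P<engine>[AB])\s*\)\s*$")
QUARANTINED_RE = re.compile(
    r"^(?P<obj>.+?)\s+Quarantined\s+(?P<family>.+?)\s+\(\s*(?P<engine>[AB])\s*\)\s*$")
# The scanner's own summary counters, used to cross-check what was parsed.
COUNTER_RE = re.compile(r"^(?P<name>Found|Quarantined)\s+(?P<n>\d+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # "key", "value" or "file"
    obj: str      # registry path, value path or file path with the prefix stripped
    family: str   # scanner's detection name
    engine: str   # "A" or "B"

    def ident(self):
        # Registry paths and NTFS paths are case-insensitive, so compare that way.
        return (self.kind, self.obj.lower(), self.family.lower())


def _split_object(obj):
    if obj.startswith("Key: "):
        return "key", obj[len("Key: "):]
    if obj.startswith("Value: "):
        return "value", obj[len("Value: "):]
    return "file", obj


def _finding(m):
    kind, obj = _split_object(m.group("obj"))
    return Finding(kind, obj, m.group("family"), m.group("engine"))


def parse_log(text):
    """Return (detected, quarantined, counters) from raw log text."""
    detected, quarantined, counters = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DETECTED_RE.match(line)):
            detected.append(_finding(m))
        elif (m := QUARANTINED_RE.match(line)):
            quarantined.append(_finding(m))
        elif (m := COUNTER_RE.match(line)):
            counters[m.group("name")] = int(m.group("n"))
    return detected, quarantined, counters


def unquarantined(detected, quarantined):
    """Detections with no matching Quarantined line; these need a manual look."""
    done = {f.ident() for f in quarantined}
    return [f for f in detected if f.ident() not in done]


def tamper_indicators(detected):
    """Policy values that disable Task Manager or Registry Editor. These are
    configuration changes, not dropped files, so deleting the installer alone
    never reverts them; the scanner reports them under Setting.* families."""
    return [f for f in detected if f.kind == "value" and f.family.startswith("Setting.")]


def report(text):
    detected, quarantined, counters = parse_log(text)
    return {
        "detected": len(detected),
        "quarantined": len(quarantined),
        "counters": counters,
        "by_kind": dict(Counter(f.kind for f in detected)),
        "by_engine": dict(Counter(f.engine for f in detected)),
        "tamper": [f.obj for f in tamper_indicators(detected)],
        "unquarantined": [f.obj for f in unquarantined(detected, quarantined)],
    }


# Constructed excerpt in the shape of the a2scan log posted in this thread.
SAMPLE_LOG = r"""
Emsisoft Emergency Kit - Version 10.0
Scan start: 05/09/2015 8:04:18
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}  detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
C:\Program Files\Mozilla Firefox\cfg  detected: Adware.Mplug.JX ( B)
C:\Windows\TEMP\F3D4.tmp.exe  detected: Gen:Variant.Zusy.156530 ( B)
Scanned 84082
Found 7
Scan end: 05/09/2015 8:23:51
C:\Windows\TEMP\F3D4.tmp.exe Quarantined Gen:Variant.Zusy.156530 ( B)
C:\Program Files\Mozilla Firefox\cfg Quarantined Adware.Mplug.JX ( B)
Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.Toolbar (A)
Quarantined 6
"""

if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log posted in the next reply, the same reconciliation accounts for its "Found 108" versus "Quarantined 107": the only detection without a Quarantined line is the HKEY_USERS\.DEFAULT\...\APPDATALOW key. HKEY_USERS\.DEFAULT is the profile hive of the LocalSystem account, the same data that HKEY_USERS\S-1-5-18 points at, so quarantining the S-1-5-18 entry most likely removed both and the gap is not a leftover. The two Setting.* hits are the ones worth confirming by hand afterwards (Task Manager and Registry Editor should open again), because a scanner that only deletes files would leave those policy values in place.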

#11 agrias7

agrias7
  • Topic Starter

  • Members
  • 40 posts
  • Local time:01:28 PM

Posted 04 September 2015 - 11:10 PM

Hi toffee...

 

This is my Emsisoft log:

 

Emsisoft Emergency Kit - Version 10.0

Last update: 05/09/2015 8:01:42

User account: mela-PC\mela

 

Scan settings:

 

Scan type: Malware Scan

Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On

Scan archives: Off

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

 

Scan start: 05/09/2015 8:04:18

Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}  detected: Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B696F285-F54E-2524-58B1-E06A70ABE6BE}  detected: Application.Bundle (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}  detected: Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}  detected: Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}  detected: Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\WEBAPP  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\GEEPLAYER.DIR  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GEEPLAYER.EXE  detected: Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU  detected: Application.Toolbar (A)

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}  detected: Application.AdInstall (A)

Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)

Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\SMARTBAR  detected: Application.InstallAd (A)

C:\Program Files\Mozilla Firefox\cfg  detected: Adware.Mplug.JX ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01QKW95K\AnyProtect[1].exe  detected: Adware.Agent.PCA ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\AnyProtectSetup[1].exe  detected: Application.Win32.AdProtect (A)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\AnyProtectSetup[2].exe  detected: Application.Win32.AdProtect (A)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\FriendlyError_s4[1].exe  detected: Trojan.GenericKD.2588476 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\prepreinstaller_win[1].exe  detected: Gen:Variant.Mikey.20082 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DLVN3S4\setup_362[1].exe  detected: Trojan.GenericKD.2478098 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ74A2AL\FinalInstaller_dotnet4[1].exe  detected: Gen:Variant.Adware.Zusy.146056 ( B)

C:\Users\mela\AppData\Local\Temp\nsm3602.tmp  detected: Trojan.GenericKD.2610354 ( B)

C:\Users\mela\Downloads\Programs\CT2207613_00699_00706_072054_BL.EXE  detected: Application.Toolbar (A)

C:\Windows\TEMP\1827.tmp.exe  detected: Gen:Variant.Adware.Graftor.207429 ( B)

C:\Windows\TEMP\27AD.tmp.exe  detected: Gen:Variant.Adware.Graftor.219994 ( B)

C:\Windows\TEMP\2897.tmp.exe  detected: Gen:Variant.Application.Graftor.226349 ( B)

C:\Windows\TEMP\2CB1.tmp.exe  detected: Gen:Variant.Zusy.157736 ( B)

C:\Windows\TEMP\3331.tmp.exe  detected: Application.Generic.1433971 ( B)

C:\Windows\TEMP\36AF.tmp.exe  detected: Gen:Variant.Adware.Symmi.55560 ( B)

C:\Windows\TEMP\450C.tmp.exe  detected: Gen:Variant.Adware.Graftor.238900 ( B)

C:\Windows\TEMP\4742.tmp.exe  detected: Gen:Variant.Adware.Graftor.205457 ( B)

C:\Windows\TEMP\4E8E.tmp.exe  detected: Gen:Variant.Zusy.157736 ( B)

C:\Windows\TEMP\5957.tmp.exe  detected: Gen:Variant.Adware.Graftor.207429 ( B)

C:\Windows\TEMP\5C44.tmp.exe  detected: Gen:Variant.Adware.Graftor.205457 ( B)

C:\Windows\TEMP\982B.tmp.exe  detected: Gen:Variant.Adware.Mikey.20396 ( B)

C:\Windows\TEMP\BFB7.tmp.exe  detected: Gen:Variant.Zusy.153983 ( B)

C:\Windows\TEMP\D337.tmp.exe  detected: Gen:Variant.Mikey.22108 ( B)

C:\Windows\TEMP\DC8F.tmp.exe  detected: Gen:Variant.Zusy.156651 ( B)

C:\Windows\TEMP\F32A.tmp.exe  detected: Gen:Variant.Adware.Graftor.238900 ( B)

C:\Windows\TEMP\F3D4.tmp.exe  detected: Gen:Variant.Zusy.156530 ( B)

 

Scanned 84082

Found 108

Scan end: 05/09/2015 8:23:51

Scan time: 0:19:33

 

C:\Windows\TEMP\F3D4.tmp.exe Quarantined Gen:Variant.Zusy.156530 ( B)

C:\Windows\TEMP\F32A.tmp.exe Quarantined Gen:Variant.Adware.Graftor.238900 ( B)

C:\Windows\TEMP\DC8F.tmp.exe Quarantined Gen:Variant.Zusy.156651 ( B)

C:\Windows\TEMP\D337.tmp.exe Quarantined Gen:Variant.Mikey.22108 ( B)

C:\Windows\TEMP\BFB7.tmp.exe Quarantined Gen:Variant.Zusy.153983 ( B)

C:\Windows\TEMP\982B.tmp.exe Quarantined Gen:Variant.Adware.Mikey.20396 ( B)

C:\Windows\TEMP\5C44.tmp.exe Quarantined Gen:Variant.Adware.Graftor.205457 ( B)

C:\Windows\TEMP\5957.tmp.exe Quarantined Gen:Variant.Adware.Graftor.207429 ( B)

C:\Windows\TEMP\4E8E.tmp.exe Quarantined Gen:Variant.Zusy.157736 ( B)

C:\Windows\TEMP\4742.tmp.exe Quarantined Gen:Variant.Adware.Graftor.205457 ( B)

C:\Windows\TEMP\450C.tmp.exe Quarantined Gen:Variant.Adware.Graftor.238900 ( B)

C:\Windows\TEMP\36AF.tmp.exe Quarantined Gen:Variant.Adware.Symmi.55560 ( B)

C:\Windows\TEMP\3331.tmp.exe Quarantined Application.Generic.1433971 ( B)

C:\Windows\TEMP\2CB1.tmp.exe Quarantined Gen:Variant.Zusy.157736 ( B)

C:\Windows\TEMP\2897.tmp.exe Quarantined Gen:Variant.Application.Graftor.226349 ( B)

C:\Windows\TEMP\27AD.tmp.exe Quarantined Gen:Variant.Adware.Graftor.219994 ( B)

C:\Windows\TEMP\1827.tmp.exe Quarantined Gen:Variant.Adware.Graftor.207429 ( B)

C:\Users\mela\Downloads\Programs\CT2207613_00699_00706_072054_BL.EXE Quarantined Application.Toolbar (A)

C:\Users\mela\AppData\Local\Temp\nsm3602.tmp Quarantined Trojan.GenericKD.2610354 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ74A2AL\FinalInstaller_dotnet4[1].exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DLVN3S4\setup_362[1].exe Quarantined Trojan.GenericKD.2478098 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\prepreinstaller_win[1].exe Quarantined Gen:Variant.Mikey.20082 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\FriendlyError_s4[1].exe Quarantined Trojan.GenericKD.2588476 ( B)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\AnyProtectSetup[2].exe Quarantined Application.Win32.AdProtect (A)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\AnyProtectSetup[1].exe Quarantined Application.Win32.AdProtect (A)

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01QKW95K\AnyProtect[1].exe Quarantined Adware.Agent.PCA ( B)

C:\Program Files\Mozilla Firefox\cfg Quarantined Adware.Mplug.JX ( B)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\SMARTBAR Quarantined Application.InstallAd (A)

Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)

Value: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} Quarantined Application.AdInstall (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\GEEPLAYER.DIR Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\WEBAPP Quarantined Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} Quarantined Application.Toolbar (A)

Key: HKEY_USERS\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Quarantined Application.Toolbar (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B696F285-F54E-2524-58B1-E06A70ABE6BE} Quarantined Application.Bundle (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.Toolbar (A)

 

Quarantined 107

 

And this is my ESET log:

 

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\61e7e76e-b9c0-4f5a-ad0f-2de4ffe1e00b.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\61e7e76e-b9c0-4f5a-ad0f-2de4ffe1e00b.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\f0e092fc-a1ae-4d70-896e-6e9f7a4cb77d.xpi.vir JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\CinemaPlus-3.2cV02.07\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CN potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir a variant of Win32/AlteredSoftware.E potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\gmsd_ra_005010020\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\gmsd_ra_005010020\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\miuitab\defsearchp@gmail.com!1.0.0.1039.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\mozilla firefox\dbghelp.dll.vir a variant of Win32/Adware.MultiPlug.IY application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\PragmaModulator\PragmaModulator.dll.vir a variant of Win32/SProtector.Q potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Rising\App.exe.vir a variant of Win32/HideBaid.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Local\gmsd_ra_005010020\upgmsd_ra_005010020.exe.vir a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\0PW7I@O6K0o.net\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome\content\core\7c09b9c7041bd14e084a8d877a46837d.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\262.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\263.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\289.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\334.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\389.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\gXB70kw@ZE.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\kw1SV@d.org\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\lKg75gP@n.edu\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\searchengine@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\veggy@veggyAddon.com\chrome\content\main.js.vir JS/Kryptik.I trojan cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\veggy@veggyAddon.com\chrome\content\vgValidator.js.vir JS/Kryptik.I trojan cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\ZY@7o9qx6X1o.net\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application cleaned by deleting - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\4rYiNFWntPeteEt.xBAD JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\ERu2xkbgoRU1qL9ZsHrn.xBAD JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\f9XoDBRCX9eGL78fonona.xBAD JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\IegYhqYhslLIN39.xBAD JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\tK9B2zJ.xBAD JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\xAlIPKW2I.xBAD JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\1437014152_xpi\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01QKW95K\AnyProtectSetup[1].exe Win32/AnyProtect.G potentially unwanted application deleted - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01QKW95K\Setup[1].exe a variant of Win32/InstallCore.VV potentially unwanted application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01QKW95K\setup[2].exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FSWSTUN\rcpsetup_17970[1].exe Win32/Systweak.D potentially unwanted application deleted - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DLVN3S4\SearchUpdater[1].exe a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DLVN3S4\VuuPC_VO2_8907[1].exe Win32/InstallMonetizer.BG potentially unwanted application deleted - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PU2QS05Z\yontoosetup[1].exe multiple threats cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ74A2AL\policyname[1].exe a variant of Win32/Adware.ConvertAd.WD application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ74A2AL\Reimage[2].exe a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined

C:\Users\mela\AppData\Local\Temp\nsb3046.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsg8F.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsgC00B.tmp a variant of Win32/Adware.ConvertAd.YL.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsgE8DF.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsh4963.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsh69AF.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsjFA86.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined

C:\Users\mela\AppData\Local\Temp\nsm4CA1.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsm5D9E.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsmA5A9.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsq5D29.tmp a variant of Win32/Adware.ConvertAd.WD application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsr1539.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsr4472.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsr58DC.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsr761D.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsrACA6.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsrC3CF.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsrD946.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsw1F17.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nsw5025.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nswE6CD.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Local\Temp\nswF213.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined

C:\Users\mela\AppData\Roaming\uTorrent\updates\3.4.2_37951.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

C:\Users\mela\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

C:\Users\mela\Downloads\Programs\DTLite4471-0335.exe Win32/DownWare.L potentially unwanted application deleted - quarantined

C:\Users\mela\Downloads\Programs\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined

D:\1911.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined

D:\Installer\desume\SoftonicEnglish_desmume-0.9.5-win32.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined



#12 xXToffeeXx

  • Malware Response Instructor
  • 6,041 posts

Posted 05 September 2015 - 04:40 AM

Hi agrias7,
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~




#13 agrias7
  • Topic Starter
  • Members
  • 40 posts

Posted 05 September 2015 - 10:43 PM

Hi Toffee, this is my FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by mela (administrator) on MELA-PC (06-09-2015 10:39:26)
Running from C:\Users\mela\Downloads
Loaded Profiles: mela (Available Profiles: mela)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Smadsoft) C:\Program Files\Smadav\SMΔRTP.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2008-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [RocketDock] => "D:\Installer\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\...\Run: [Dropbox Update] => C:\Users\mela\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mela\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2010-11-28]
ShortcutTarget: 7 Sticky Notes.lnk -> D:\Installer\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\mela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-11-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5944DD7F-2E5A-4971-980B-7B024B9D0E4E}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1128418022-1035736187-3581221965-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://id.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default
FF DefaultSearchUrl: hxxps://id.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1438128716&z=39f4dd738df4b7673196352g5z3cdb8gcobbbq9q7c&from=cmi&uid=SAMSUNGXHM250HI_S1YQJD9S905498
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1128418022-1035736187-3581221965-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF SearchPlugin: C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\searchplugins\yahoo-avast.xml [2015-06-26]
FF Extension: Adblock Plus - C:\Users\mela\AppData\Roaming\Mozilla\Firefox\Profiles\oxu2sgzw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-04]
 
Chrome: 
=======
CHR Profile: C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-26]
CHR Extension: (Adblock Pro) - C:\Users\mela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-08-16]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mela\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-09]
CHR HKU\S-1-5-21-1128418022-1035736187-3581221965-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-10-01] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [577816 2014-11-05] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2010-11-14] (Broadcom Corporation)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2014-10-07] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-06] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [85816 2014-10-07] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-10-07] (Wacom Technology)
U3 amrhvyng; C:\Windows\system32\Drivers\amrhvyng.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 qcusbserialser; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-05 10:55 - 2015-09-05 10:55 - 00047036 _____ C:\Users\mela\Desktop\ESET.txt
2015-09-05 09:05 - 2015-09-05 09:05 - 00000000 ____D C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-05 08:38 - 2015-09-05 08:38 - 00000000 ____D C:\Program Files\ESET
2015-09-05 08:36 - 2015-09-05 08:36 - 02870984 _____ (ESET) C:\Users\mela\Downloads\esetsmartinstaller_enu.exe
2015-09-05 07:58 - 2015-09-05 07:58 - 00000743 _____ C:\Users\mela\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-05 07:57 - 2015-09-05 07:59 - 00000000 ____D C:\EEK
2015-09-05 07:10 - 2015-09-05 07:31 - 165251064 _____ C:\Users\mela\Downloads\EmsisoftEmergencyKit.exe
2015-09-04 10:47 - 2015-09-04 10:47 - 00571679 _____ C:\Users\mela\Downloads\skin_color_swatches_by_deviantnep-ddx3g3.zip
2015-08-31 04:08 - 2015-08-31 04:08 - 00000930 _____ C:\Users\mela\Desktop\NEXT STEP.txt
2015-08-31 04:03 - 2015-08-31 04:06 - 01618432 _____ C:\Users\mela\Downloads\AdwCleaner.exe
2015-08-30 14:58 - 2015-08-31 17:51 - 00045673 _____ C:\Users\mela\Downloads\Addition.txt
2015-08-30 14:48 - 2015-09-06 10:39 - 00016618 _____ C:\Users\mela\Downloads\FRST.txt
2015-08-30 14:48 - 2015-09-06 10:39 - 00000000 ____D C:\FRST
2015-08-30 14:36 - 2015-09-02 09:38 - 01690624 _____ (Farbar) C:\Users\mela\Downloads\FRST.exe
2015-08-30 13:55 - 2015-08-30 13:55 - 01798640 _____ (Malwarebytes Corporation) C:\Users\mela\Downloads\JRT.exe
2015-08-29 07:47 - 2015-08-30 13:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 07:47 - 2015-08-29 07:47 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-08-29 07:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-29 07:47 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-29 07:47 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-29 07:42 - 2015-08-29 07:45 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mela\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-27 09:32 - 2015-06-15 16:43 - 00053224 _____ C:\Users\mela\Downloads\Dear Annabelle.otf
2015-08-19 10:50 - 2015-08-19 10:50 - 00000000 ____D C:\Users\mela\AppData\Roaming\IDM
2015-08-19 10:39 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-08-19 10:38 - 2015-08-26 11:56 - 00000000 ____D C:\Users\mela\Downloads\1dm4n621build18
2015-08-19 07:08 - 2015-08-11 07:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 07:08 - 2015-08-11 07:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 21:22 - 2015-07-30 20:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 21:09 - 2015-07-21 07:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 21:09 - 2015-07-17 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 21:09 - 2015-07-17 02:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 21:09 - 2015-07-17 02:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 21:09 - 2015-07-17 02:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 21:09 - 2015-07-17 02:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 21:09 - 2015-07-17 02:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 21:09 - 2015-07-17 02:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 21:09 - 2015-07-17 02:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 21:09 - 2015-07-17 02:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 21:09 - 2015-07-17 02:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 21:09 - 2015-07-17 02:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 21:09 - 2015-07-17 02:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 21:09 - 2015-07-17 02:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 21:09 - 2015-07-17 02:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 21:09 - 2015-07-17 02:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 21:09 - 2015-07-17 02:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 21:09 - 2015-07-17 02:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 21:09 - 2015-07-17 02:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 21:09 - 2015-07-17 02:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 21:09 - 2015-07-17 02:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 21:09 - 2015-07-17 02:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 21:09 - 2015-07-17 02:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 21:09 - 2015-07-17 01:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 21:09 - 2015-07-17 01:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 21:09 - 2015-07-17 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 21:06 - 2015-07-29 03:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 21:06 - 2015-07-29 03:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 21:06 - 2015-07-29 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 21:06 - 2015-07-29 02:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 21:05 - 2015-07-21 00:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 21:05 - 2015-07-21 00:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 21:05 - 2015-07-16 00:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 21:05 - 2015-07-16 00:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 21:05 - 2015-07-16 00:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 21:05 - 2015-07-16 00:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 21:05 - 2015-07-16 00:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 21:05 - 2015-07-16 00:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 21:05 - 2015-07-16 00:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 21:05 - 2015-07-16 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 21:05 - 2015-07-16 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 21:05 - 2015-07-16 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 21:05 - 2015-07-16 00:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 21:05 - 2015-07-15 23:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 21:05 - 2015-07-15 23:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 21:05 - 2015-07-11 00:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 21:05 - 2015-07-11 00:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 21:05 - 2015-07-11 00:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:05 - 2015-07-10 00:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:05 - 2015-07-02 03:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:05 - 2015-07-02 03:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 21:04 - 2015-07-31 00:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 21:04 - 2015-07-30 23:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:04 - 2015-07-30 23:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:59 - 2015-07-11 00:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:58 - 2015-07-15 09:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:58 - 2015-07-15 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:58 - 2015-05-10 01:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-08 07:07 - 2015-08-08 07:07 - 00000000 ____D C:\Users\mela\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 10:39 - 2010-11-14 17:44 - 01225271 _____ C:\Windows\WindowsUpdate.log
2015-09-06 10:39 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 10:39 - 2009-07-14 11:34 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 10:33 - 2014-10-11 14:14 - 00000000 ___RD C:\Users\mela\Google Drive
2015-09-06 10:33 - 2011-10-08 11:17 - 00000000 ___RD C:\Users\mela\Dropbox
2015-09-06 10:33 - 2011-10-08 11:14 - 00000000 ____D C:\Users\mela\AppData\Roaming\Dropbox
2015-09-06 10:32 - 2010-11-14 21:45 - 00000000 ____D C:\Users\mela\AppData\Roaming\7 Sticky Notes
2015-09-06 10:31 - 2015-07-13 09:55 - 00007157 _____ C:\Windows\setupact.log
2015-09-06 10:31 - 2015-06-26 10:00 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 10:31 - 2012-06-04 10:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-06 10:31 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 21:31 - 2015-06-20 08:20 - 00001060 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000UA.job
2015-09-05 21:23 - 2015-06-26 10:00 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-05 21:05 - 2012-04-14 09:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-05 08:33 - 2015-04-30 10:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-05 07:06 - 2011-04-16 17:57 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-04 05:31 - 2015-06-26 10:17 - 00002119 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 06:31 - 2015-06-20 08:20 - 00001008 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1128418022-1035736187-3581221965-1000Core.job
2015-09-02 05:56 - 2010-11-14 17:51 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 15:01 - 2012-05-26 16:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-31 17:43 - 2015-04-21 10:37 - 00000000 ____D C:\AdwCleaner
2015-08-30 14:06 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
2015-08-30 14:05 - 2015-01-22 05:59 - 00000000 ____D C:\Users\mela\AppData\Roaming\uTorrent
2015-08-30 13:34 - 2013-06-23 21:12 - 00000000 ____D C:\Windows\pss
2015-08-30 12:59 - 2010-11-14 18:25 - 00207240 _____ C:\Windows\PFRO.log
2015-08-29 10:53 - 2011-05-08 07:55 - 00000000 ____D C:\Users\mela\Downloads\Compressed
2015-08-28 04:10 - 2009-07-14 11:33 - 00530960 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-27 09:50 - 2010-11-14 18:41 - 00171320 _____ C:\Users\mela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 11:39 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Globalization
2015-08-19 11:59 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2015-08-18 05:06 - 2012-04-14 09:57 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-18 05:06 - 2011-08-24 07:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-17 04:17 - 2014-10-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-16 11:54 - 2015-06-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 11:54 - 2013-06-12 08:40 - 00000824 _____ C:\Users\mela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-08-16 11:33 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-16 11:10 - 2014-12-11 09:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-16 11:10 - 2014-05-06 18:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 21:42 - 2012-09-24 10:15 - 00000039 _____ C:\Windows\vbaddin.ini
2015-08-12 21:42 - 2010-11-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 21:40 - 2010-12-09 11:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 21:35 - 2013-08-15 09:31 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:28 - 2010-12-24 12:13 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\AtStart.txt
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\DSwitch.txt
2010-11-14 18:04 - 2010-11-14 18:04 - 0000000 _____ () C:\Users\mela\AppData\Local\QSwitch.txt
2015-04-21 10:34 - 2015-04-21 10:34 - 0011248 _____ () C:\Users\mela\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\mela\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawfemi.dll
C:\Users\mela\AppData\Local\Temp\ooswy.cmd.exe
C:\Users\mela\AppData\Local\Temp\ose00000.exe
C:\Users\mela\AppData\Local\Temp\Quarantine.exe
C:\Users\mela\AppData\Local\Temp\set561B.tmp.exe
C:\Users\mela\AppData\Local\Temp\Sims3Launcher.ex_.exe
C:\Users\mela\AppData\Local\Temp\sqlite3.dll
C:\Users\mela\AppData\Local\Temp\VP6Install.exe
C:\Users\mela\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-03 11:21
 
==================== End of FRST.txt ============================
 
thx


#14 xXToffeeXx (Malware Response Instructor)

Posted 06 September 2015 - 05:29 AM

Hi agrias7,
 
How is the system working now? :)

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

xXToffeeXx~




#15 agrias7 (Topic Starter)

Posted 07 September 2015 - 08:16 PM

Hi Toffee... I'm having trouble replying to your post.

It takes a long time to send my reply, and then it fails.

I did what you told me. Kaspersky did not detect any malware or virus. But the shopping pop-up still shows. And I have this other malware too; I don't know what its name is. Sometimes it opens a new tab when I click somewhere on a page (any page I open). The URL says connect5364.com, then it redirects to trfillers.com. This malware already existed before I started following your instructions. Scanning with the anti-malware tools you gave me didn't affect these two.

Thx


Edited by agrias7, 07 September 2015 - 08:17 PM.




