Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hi there, Possible Spyware or Trojan.


  • Please log in to reply
4 replies to this topic

#1 VictorWu

VictorWu

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 01 September 2015 - 09:42 PM

Hi, I encountered strange folders and programs appearing 2-3 months ago, so I formatted my laptop then.

 

Yesterday I was going through my folders and files and it seemed like it's happening again? (Msn Live, Photo Gallery, Movie Maker etc)

I wonder if it could be installed by the vendor back then in Taiwan.

 

Appreciate the help!

 

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Vic (administrator) on PC (02-09-2015 10:35:02)
Running from C:\Users\Vic\Downloads
Loaded Profiles: UpdatusUser & Vic (Available Profiles: UpdatusUser & Vic)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-27] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2014-01-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891568 2014-01-27] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-03] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-03] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-09-10] (MSI)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-08-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [249856 2014-01-23] (SteelSeries ApS)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-20] (Valve Corporation)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\...\Run: [GoogleChromeAutoLaunch_278209370FF94061A837B2120CA1AD3C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\...\Run: [BingSvc] => C:\Users\Vic\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-02]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-28]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-02]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2F8B87AB-EA54-4E43-B369-5C1A0D669419}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2533786230-2158722319-1287442544-1002 -> DefaultScope {2B21E175-BA12-48AC-8358-7FAEAE9C1122} URL = 
SearchScopes: HKU\S-1-5-21-2533786230-2158722319-1287442544-1002 -> {2B21E175-BA12-48AC-8358-7FAEAE9C1122} URL = 
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-27]
CHR Extension: (Google Docs) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-27]
CHR Extension: (Google Drive) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-27]
CHR Extension: (YouTube) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-27]
CHR Extension: (Google Search) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-27]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-06]
CHR Extension: (Google Sheets) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BITCOMET_HELPER_SERVICE; D:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-01-27] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-03] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-10] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-12] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2014-01-27] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-09] (Qualcomm Atheros) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-19] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2014-01-27] (Intel Corporation)
S3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2014-01-27] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-01-27] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2012-10-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [26496 2013-12-13] (SteelSeries Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-08] ()
R4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 fgrdapog; \??\C:\Users\Vic\AppData\Local\Temp\fgrdapog.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-02 10:28 - 2015-09-02 10:35 - 00024488 _____ C:\Users\Vic\Downloads\FRST.txt
2015-09-02 10:28 - 2015-09-02 10:28 - 00041517 _____ C:\Users\Vic\Downloads\Addition.txt
2015-09-02 09:36 - 2015-09-02 09:36 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-02 09:36 - 2015-09-02 09:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-02 09:34 - 2015-09-02 09:34 - 22722120 _____ C:\Users\Vic\Downloads\RogueKillerX64.exe
2015-09-02 09:26 - 2015-09-02 09:26 - 01654272 _____ C:\Users\Vic\Downloads\AdwCleaner.exe
2015-09-02 08:35 - 2015-09-02 08:35 - 00041256 _____ C:\Users\Vic\Desktop\Addition.txt
2015-09-02 08:34 - 2015-09-02 10:35 - 00000000 ____D C:\FRST
2015-09-02 08:34 - 2015-09-02 08:35 - 00045709 _____ C:\Users\Vic\Desktop\FRST.txt
2015-09-02 08:34 - 2015-09-02 08:34 - 02188800 _____ (Farbar) C:\Users\Vic\Downloads\FRST64.exe
2015-09-02 08:28 - 2015-09-02 08:28 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vic\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 08:18 - 2015-09-02 08:18 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Vic\Downloads\mbam-clean-2.1.1.1001.exe
2015-09-02 07:34 - 2015-09-02 07:34 - 00380416 _____ C:\Users\Vic\Downloads\gmp.exe
2015-09-02 07:24 - 2015-09-02 07:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-02 07:23 - 2015-09-02 07:34 - 00000000 ____D C:\Users\Vic\Desktop\mbar
2015-09-02 07:22 - 2015-09-02 07:23 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Vic\Downloads\mbar-1.09.2.1008.exe
2015-09-02 07:15 - 2015-09-02 07:15 - 01186640 _____ C:\Users\Vic\Downloads\ProcessExplorer.zip
2015-09-02 07:07 - 2015-09-02 07:07 - 00002303 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-09-02 07:07 - 2015-09-02 07:07 - 00000000 ____D C:\Users\Vic\Documents\Add-in Express
2015-09-02 07:07 - 2015-09-02 07:07 - 00000000 ____D C:\Users\Vic\AppData\Local\WinZip
2015-09-02 07:07 - 2015-09-02 07:07 - 00000000 ____D C:\ProgramData\WinZip
2015-09-02 07:07 - 2015-09-02 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-09-02 07:07 - 2015-09-02 07:07 - 00000000 ____D C:\Program Files\WinZip
2015-09-02 07:03 - 2015-09-02 07:03 - 00880584 _____ ( ) C:\Users\Vic\Downloads\winzip19_c4u.exe
2015-09-02 07:02 - 2015-09-02 07:02 - 00291606 _____ C:\Users\Vic\Downloads\TCPView.zip
2015-09-02 05:39 - 2015-09-02 05:39 - 00852704 _____ C:\Users\Vic\Downloads\SecurityCheck.exe
2015-09-02 02:27 - 2015-09-02 02:27 - 00000000 ___RD C:\Users\Vic\Documents\Notes
2015-08-28 23:56 - 2015-09-01 06:09 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Skype
2015-08-28 23:56 - 2015-08-28 23:56 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-28 23:56 - 2015-08-28 23:56 - 00000000 ____D C:\Users\Vic\Tracing
2015-08-28 23:56 - 2015-08-28 23:56 - 00000000 ____D C:\Users\Vic\AppData\Local\Skype
2015-08-28 23:56 - 2015-08-28 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-28 23:55 - 2015-08-28 23:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-28 23:55 - 2015-08-28 23:56 - 00000000 ____D C:\ProgramData\Skype
2015-08-28 23:54 - 2015-08-28 23:55 - 40699424 _____ (Skype Technologies S.A.) C:\Users\Vic\Downloads\SkypeSetupFull.exe
2015-08-28 10:14 - 2015-09-01 06:08 - 00000000 ____D C:\Users\Vic\OneDrive
2015-08-26 19:51 - 2015-08-26 19:51 - 00031584 _____ C:\Users\Vic\Desktop\Mommy's.txt
2015-08-20 19:03 - 2015-08-20 19:04 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Tera_Awesomium
2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\Users\Vic\AppData\Local\TERA
2015-08-19 18:45 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:45 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-13 16:26 - 2015-08-13 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 18:52 - 2015-07-30 22:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:52 - 2015-07-30 21:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:17 - 2015-07-29 07:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 18:17 - 2015-07-28 22:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 18:17 - 2015-07-28 22:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 18:17 - 2015-07-28 22:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 18:17 - 2015-07-28 22:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 18:17 - 2015-07-28 22:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 18:17 - 2015-07-28 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 18:17 - 2015-07-19 09:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 18:17 - 2015-07-19 02:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 18:17 - 2015-07-19 02:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 18:17 - 2015-07-19 02:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 18:17 - 2015-07-19 02:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 18:17 - 2015-07-19 02:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-12 18:17 - 2015-07-19 02:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 18:17 - 2015-07-19 02:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 18:17 - 2015-07-19 02:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 18:17 - 2015-07-19 02:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 18:17 - 2015-07-19 02:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 18:17 - 2015-07-19 02:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 18:17 - 2015-07-17 04:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 18:17 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 18:17 - 2015-07-17 04:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 18:17 - 2015-07-17 04:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 18:17 - 2015-07-17 04:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 18:17 - 2015-07-17 04:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 18:17 - 2015-07-17 03:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-12 18:17 - 2015-07-17 03:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 18:17 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 18:17 - 2015-07-17 03:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 18:17 - 2015-07-17 03:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-12 18:17 - 2015-07-17 03:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 18:17 - 2015-07-17 03:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 18:17 - 2015-07-17 03:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-12 18:17 - 2015-07-17 03:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 18:17 - 2015-07-17 03:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 18:17 - 2015-07-17 03:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 18:17 - 2015-07-17 03:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-12 18:17 - 2015-07-17 03:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-12 18:17 - 2015-07-17 03:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 18:17 - 2015-07-17 03:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 18:17 - 2015-07-17 03:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 18:17 - 2015-07-17 03:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 18:17 - 2015-07-17 03:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 18:17 - 2015-07-17 02:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-12 18:17 - 2015-07-17 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 18:17 - 2015-07-17 02:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 18:17 - 2015-07-17 02:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 18:17 - 2015-07-17 02:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 18:17 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 18:17 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 18:17 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 18:17 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 18:17 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 18:17 - 2015-07-07 17:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-12 18:17 - 2015-07-07 17:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-12 18:17 - 2015-07-07 17:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-12 18:17 - 2015-07-02 06:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 18:17 - 2015-07-02 06:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 18:17 - 2015-07-02 05:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 18:17 - 2015-07-02 05:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 18:17 - 2015-06-13 01:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-12 18:17 - 2015-06-13 00:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 18:17 - 2015-06-10 02:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-12 18:16 - 2015-07-29 22:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 18:16 - 2015-07-29 22:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 18:16 - 2015-07-29 22:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 18:16 - 2015-07-25 02:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 18:16 - 2015-07-25 02:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 18:16 - 2015-07-25 02:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 18:16 - 2015-07-25 01:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 18:16 - 2015-07-25 01:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 18:16 - 2015-07-15 05:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-12 18:16 - 2015-07-15 05:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-12 18:16 - 2015-07-15 05:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-12 18:16 - 2015-07-14 11:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 18:16 - 2015-07-14 11:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 18:16 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 18:16 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 18:16 - 2015-07-11 02:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 18:16 - 2015-07-11 01:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 18:16 - 2015-07-11 01:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 18:16 - 2015-07-11 01:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 18:16 - 2015-07-11 00:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 18:16 - 2015-07-11 00:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 18:16 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 18:16 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 18:16 - 2015-07-10 00:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 18:16 - 2015-06-12 04:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-12 18:16 - 2015-06-12 04:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-12 18:16 - 2015-05-12 08:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-05 09:38 - 2015-08-05 09:39 - 00000000 ____D C:\Users\Vic\Desktop\Mp3
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-02 10:35 - 2015-06-27 12:13 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 10:31 - 2015-07-05 12:20 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-02 10:23 - 2015-06-27 23:55 - 00000000 ____D C:\Users\Vic\AppData\Local\ClassicShell
2015-09-02 10:02 - 2015-06-27 10:40 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2533786230-2158722319-1287442544-1002
2015-09-02 10:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-02 08:19 - 2015-06-30 06:11 - 00000000 ____D C:\Users\Vic\AppData\Local\CrashDumps
2015-09-02 07:50 - 2015-07-05 12:22 - 00000000 ___RD C:\Users\Vic\Dropbox
2015-09-02 07:07 - 2013-11-14 04:29 - 00002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-09-02 06:54 - 2015-06-27 10:12 - 01364935 _____ C:\Windows\WindowsUpdate.log
2015-09-01 20:35 - 2015-06-27 12:13 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 18:31 - 2015-07-05 12:20 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-01 06:13 - 2013-11-14 03:02 - 00141150 _____ C:\Windows\system32\prfh0404.dat
2015-09-01 06:13 - 2013-11-14 03:02 - 00045302 _____ C:\Windows\system32\prfc0404.dat
2015-09-01 06:13 - 2013-11-14 02:52 - 00450000 _____ C:\Windows\system32\prfh0804.dat
2015-09-01 06:13 - 2013-11-14 02:52 - 00140290 _____ C:\Windows\system32\prfc0804.dat
2015-09-01 06:13 - 2013-11-14 02:38 - 00353702 _____ C:\Windows\system32\prfh0416.dat
2015-09-01 06:13 - 2013-11-14 02:38 - 00053380 _____ C:\Windows\system32\prfc0416.dat
2015-09-01 06:13 - 2013-11-14 02:24 - 00181626 _____ C:\Windows\system32\perfh012.dat
2015-09-01 06:13 - 2013-11-14 02:24 - 00045302 _____ C:\Windows\system32\perfc012.dat
2015-09-01 06:13 - 2013-11-14 02:06 - 00372082 _____ C:\Windows\system32\perfh00A.dat
2015-09-01 06:13 - 2013-11-14 02:06 - 00056618 _____ C:\Windows\system32\perfc00A.dat
2015-09-01 06:13 - 2013-11-14 02:00 - 00331496 _____ C:\Windows\system32\perfh007.dat
2015-09-01 06:13 - 2013-11-14 02:00 - 00053160 _____ C:\Windows\system32\perfc007.dat
2015-09-01 06:13 - 2013-11-14 01:03 - 02956842 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 06:09 - 2015-07-05 12:20 - 00000000 ____D C:\Users\Vic\AppData\Local\Dropbox
2015-09-01 06:07 - 2013-08-22 22:46 - 00049205 _____ C:\Windows\setupact.log
2015-09-01 06:07 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 06:07 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-29 20:30 - 2015-06-27 12:13 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 20:30 - 2015-06-27 12:13 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 23:56 - 2015-06-27 10:35 - 00000000 ____D C:\Users\Vic
2015-08-28 23:53 - 2015-06-27 10:35 - 00000000 ____D C:\Users\Vic\AppData\Local\Packages
2015-08-28 23:53 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-28 10:14 - 2015-06-27 20:43 - 00000000 ___RD C:\Users\Vic\OneDrive.old
2015-08-22 03:14 - 2015-06-27 20:43 - 00003080 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2533786230-2158722319-1287442544-1002
2015-08-20 01:39 - 2015-07-20 16:28 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-20 01:37 - 2015-07-20 16:28 - 00000000 ____D C:\Users\Vic\AppData\Roaming\CyberLink
2015-08-19 19:27 - 2013-11-14 04:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-19 18:45 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-16 06:15 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-08-15 19:05 - 2013-11-14 00:53 - 00935672 _____ C:\Windows\PFRO.log
2015-08-15 19:05 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 19:05 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 19:05 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 19:05 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-15 19:05 - 2013-08-22 22:44 - 00373288 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 16:26 - 2015-07-05 12:20 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-12 18:52 - 2015-06-28 00:12 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 18:49 - 2015-06-28 00:12 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 18:48 - 2015-06-30 17:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 18:48 - 2015-06-30 17:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 18:48 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 18:48 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 17:02 - 2015-07-31 12:11 - 00000000 ____D C:\Users\Vic\AppData\Roaming\HpUpdate
2015-08-08 21:55 - 2013-08-22 23:38 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 21:55 - 2013-08-22 23:38 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-03 17:35 - 2015-06-28 00:11 - 00000000 ____D C:\Users\Vic\Desktop\New folder
 
==================== Files in the root of some directories =======
 
2015-06-29 19:36 - 2015-06-29 19:36 - 0002675 _____ () C:\Users\Vic\AppData\Local\recently-used.xbel
2015-07-31 12:10 - 2015-07-31 12:16 - 0000851 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Vic\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Vic\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Vic\AppData\Local\Temp\COMAP.EXE
C:\Users\Vic\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Vic\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgbyezl.dll
C:\Users\Vic\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrewxn.dll
C:\Users\Vic\AppData\Local\Temp\EBU3872.exe
C:\Users\Vic\AppData\Local\Temp\EBU44A7.DLL
C:\Users\Vic\AppData\Local\Temp\pidgen.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-30 07:48
 
==================== End of FRST.txt ============================
 
 

It says I do not have permission to paste the addition .txt...

Edited by VictorWu, 01 September 2015 - 09:49 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 02 September 2015 - 09:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

(Msn Live, Photo Gallery, Movie Maker etc)

These come with the Operating system. Yours to use or not.
If your computer is running well I would leave them alone.
Should you decide to remove them always use the Add/Remove Programs applet if listed. Otherwise just delete the folders.
Make sure you have a good restore point before deleting a folder. If something goes wrong you can restore the application


Nothing suspicious was found on your FRST log, this is just a cleanup of empy entries.


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - https://clients2.google.com/service/update2/crx
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 fgrdapog; \??\C:\Users\Vic\AppData\Local\Temp\fgrdapog.sys [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 VictorWu

VictorWu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 September 2015 - 01:31 PM

Hi, thanks.

It wouldn't let me paste the Addition.txtAttached File  Addition.txt   40.55KB   2 downloads


Edited by VictorWu, 02 September 2015 - 01:36 PM.


#4 VictorWu

VictorWu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 September 2015 - 01:41 PM

Hi, this is the fixlog.txt

Thanks.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Vic (2015-09-03 02:36:51) Run:1
Running from C:\Users\Vic\Downloads
Loaded Profiles: UpdatusUser & Vic (Available Profiles: UpdatusUser & Vic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - https://clients2.google.com/service/update2/crx
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 fgrdapog; \??\C:\Users\Vic\AppData\Local\Temp\fgrdapog.sys [X]
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKU\S-1-5-21-2533786230-2158722319-1287442544-1002\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhigneefebkcagnpnpbibganpmfgebnk" => key removed successfully
MBAMService => service removed successfully
MBAMProtector => service removed successfully
MBAMProtector => service not found.
MWAC => service removed successfully
MWAC => service not found.
MBAMSwissArmy => Unable to stop service.
MBAMSwissArmy => service removed successfully
fgrdapog => service removed successfully
EmptyTemp: => 2.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 02:37:09 ====


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 03 September 2015 - 06:59 AM


The addition.txt file is clean.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users