
redirecting Pop up tabs and floating ad box ( all browsers )


  • This topic is locked
39 replies to this topic

#1 screamgfx

screamgfx

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 05 November 2015 - 01:19 PM

Hi!

My problem is the new redirecting virus known by the domain "lopsxqvibncpktmtmodesfpeqjtxidodelulsnlh.com".

It simply works like this:

When I open any website, I usually see a floating box containing Google ads, just like the one in the following image...

 

2yUPRGq.jpg

This doesn't always show, but what happens every time is that on the first click anywhere on the page, a new tab opens and goes to the mentioned domain, just like in this photo...

 

y4gg3RE.jpg

Then it redirects to a random malicious domain, but now it only goes to one domain, "www.tradeadexchange.com", which is also blocked every time by Malwarebytes, like this...

 

uNeIfHV.jpg

 

The same happens on IE, Firefox and Google Chrome,

and I have no suspicious extensions... it even still works the same with all browsers reset and data cleaned.

 

Note: it works on all websites except "https" secured domains like Google, Facebook, Twitter, etc.

 

I can't find any trace of it on my computer, and the browsers were reset a million times with no change, so I think the problem can't be in a browser.

 

Here is a previous topic of mine with the same problem; @Broni (thanks to him) guided me in the end to post here again.

Link here

 

You can find many more details about the beginning of this problem in that topic, and the steps I've been through under the helper's guidance.

 

Here's the FRST log that was asked for:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Fujitsu (administrator) on FUJITSU-PC (05-11-2015 18:25:12)
Running from C:\Users\Fujitsu\Desktop
Loaded Profiles: Fujitsu (Available Profiles: Fujitsu & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) E:\revouninstaller-portable\Revouninstaller.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.4.2\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.4.2\node_modules\triggers\bin\lightevt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Run: [RocketDock] => C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe [495616 2010-06-22] ()
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\MountPoints2: {461e049c-d034-11e3-87f7-806e6f6e6963} - F:\start.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [176904 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 31.3.252.70 37.220.8.189
Tcpip\..\Interfaces\{D765A530-D99F-44B9-8003-4C36EF8286D2}: [DhcpNameServer] 31.3.252.70 37.220.8.189
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-24] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Adobe Reader\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fujitsu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-06-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-06-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fujitsu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-24] (Pando Networks)
FF HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fujitsu\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Fujitsu\AppData\Roaming\IDM\idmmzcc5 [2015-10-29] [not signed]
FF HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-03]
CHR Extension: (Google Docs) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-03]
CHR Extension: (Google Drive) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-03]
CHR Extension: (YouTube) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-03]
CHR Extension: (Google Search) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Gmail™ Notifier) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2015-11-03]
CHR Extension: (Google Sheets) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-03]
CHR Extension: (IDM Integration Module) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-05-20] (Fork, Ltd.) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [74448 2013-07-18] (FUJITSU LIMITED)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-05] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-09] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-16] (Electronic Arts)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-12] (FUJITSU LIMITED)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-02-22] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 vssbrigde64; no ImagePath
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
S3 esgiguard; E:\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\esgiguard.sys [15920 2015-10-25] (Enigma Software Group USA, LLC.)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
U0 inurosk; C:\Windows\System32\drivers\kowy.sys [79064 2015-11-05] (Malwarebytes)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 SecDrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [28624 2015-07-20] () [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1849752 2013-07-25] (Sonix Co. Ltd.)
S3 Spring; no ImagePath
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206104 2014-12-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S3 WinRing0_1_2_0; no ImagePath
S3 X6va021; no ImagePath
S3 X6va022; no ImagePath
S3 X6va023; no ImagePath
S3 X6va025; no ImagePath
S3 xhunter1; no ImagePath
S3 cpuz137; \??\C:\Users\Fujitsu\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\windows\SysWOW64\Drivers\X6va060 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-05 18:25 - 2015-11-05 18:25 - 00026568 _____ C:\Users\Fujitsu\Desktop\FRST.txt
2015-11-05 18:24 - 2015-11-05 18:25 - 00000000 ____D C:\FRST
2015-11-05 18:24 - 2015-11-05 18:19 - 02198016 _____ (Farbar) C:\Users\Fujitsu\Desktop\FRST64.exe
2015-11-05 13:00 - 2015-11-05 13:00 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\kowy.sys
2015-11-05 12:25 - 2015-11-05 12:25 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-05 12:25 - 2015-11-05 12:25 - 00001899 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2015-11-05 12:25 - 2015-11-05 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-05 12:25 - 2015-11-05 12:25 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-05 12:08 - 2015-11-05 12:08 - 00000000 ____H C:\ProgramData\cm-lock
2015-11-04 20:23 - 2015-11-05 12:08 - 00000224 _____ C:\windows\setupact.log
2015-11-04 20:23 - 2015-11-04 20:23 - 00000000 _____ C:\windows\setuperr.log
2015-11-03 21:20 - 2015-11-03 21:20 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-03 21:20 - 2015-11-03 21:20 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-11-03 21:20 - 2015-11-03 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-03 21:12 - 2015-11-05 18:18 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-03 21:12 - 2015-11-05 12:06 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-03 21:12 - 2015-11-03 21:12 - 00003896 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-03 21:12 - 2015-11-03 21:12 - 00003644 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-03 20:20 - 2015-11-05 17:24 - 00114827 _____ C:\windows\WindowsUpdate.log
2015-11-03 18:13 - 2015-11-03 18:13 - 00000000 ____H C:\asc_rdflag
2015-11-03 16:41 - 2015-11-03 16:41 - 00000438 _____ C:\Users\Fujitsu\Downloads\debug.log
2015-11-03 15:24 - 2015-11-03 09:09 - 00000030 _____ C:\AVScanner.ini
2015-11-03 15:16 - 2015-11-03 15:16 - 00929872 _____ (Google Inc.) C:\Users\Fujitsu\Downloads\ChromeSetup.exe
2015-11-03 09:10 - 2015-11-03 09:10 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Macromedia
2015-11-03 09:08 - 2015-11-03 09:08 - 00000000 ____D C:\ProgramData\McAfee
2015-11-02 22:48 - 2015-11-02 22:48 - 00781312 _____ C:\Users\Fujitsu\Desktop\delfix_1.011.exe
2015-11-02 22:36 - 2015-11-02 22:36 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-11-02 22:36 - 2015-11-02 22:36 - 00000000 ____D C:\ProgramData\Documents\PC Faster
2015-11-02 22:07 - 2015-11-03 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 22:07 - 2015-11-03 16:33 - 00002912 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Fujitsu
2015-11-02 22:07 - 2015-11-02 22:38 - 00000000 ____D C:\ProgramData\ProductData
2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\ProductData
2015-11-02 17:47 - 2015-11-02 17:47 - 00000000 ____D C:\ProgramData\Sophos
2015-11-02 17:44 - 2015-11-02 17:44 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-11-02 17:44 - 2015-11-02 17:44 - 00002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2015-11-02 17:44 - 2015-11-02 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-02 17:43 - 2015-11-02 17:43 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-11-02 17:14 - 2015-11-02 17:14 - 00001369 _____ C:\Users\Fujitsu\Desktop\JRT.txt
2015-11-02 17:07 - 2015-11-02 17:07 - 01801288 _____ (Malwarebytes) C:\Users\Fujitsu\Desktop\JRT_2.exe
2015-11-02 16:46 - 2015-11-02 16:46 - 01708032 _____ C:\Users\Fujitsu\Desktop\adwcleaner_5.016.exe
2015-11-02 16:42 - 2015-11-02 16:42 - 00448512 _____ (OldTimer Tools) C:\Users\Fujitsu\Desktop\TFC.exe
2015-11-02 02:31 - 2015-11-02 02:35 - 00006876 _____ C:\Users\Fujitsu\Desktop\Rkill.txt
2015-11-02 02:28 - 2015-11-02 02:28 - 00001288 _____ C:\Users\Fujitsu\Desktop\Auto Shutdown.lnk
2015-11-02 01:58 - 2015-11-02 02:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-02 01:53 - 2015-11-02 02:30 - 00000000 ____D C:\Users\Fujitsu\Desktop\mbar
2015-11-02 01:52 - 2015-11-02 01:52 - 00001055 _____ C:\Users\Fujitsu\Desktop\mbam.txt
2015-11-02 01:28 - 2015-11-02 01:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Fujitsu\Desktop\mbar-1.09.3.1001.exe
2015-11-02 01:10 - 2015-11-02 01:11 - 00043086 _____ C:\Users\Fujitsu\Desktop\MTB.txt
2015-11-02 01:09 - 2015-11-02 01:09 - 00002349 _____ C:\Users\Fujitsu\Desktop\FSS.txt
2015-11-02 01:08 - 2015-11-02 01:08 - 00001017 _____ C:\Users\Fujitsu\Desktop\1st_checkup.txt
2015-11-02 00:59 - 2015-11-02 00:59 - 00899072 _____ (Farbar) C:\Users\Fujitsu\Desktop\FSS.exe
2015-11-02 00:57 - 2015-11-02 00:57 - 00852720 _____ C:\Users\Fujitsu\Desktop\SecurityCheck.exe
2015-11-01 11:25 - 2015-11-01 11:25 - 02870984 _____ (ESET) C:\Users\Fujitsu\Desktop\esetsmartinstaller_enu.exe
2015-11-01 11:25 - 2015-11-01 11:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-30 19:50 - 2015-10-30 19:50 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Fujitsu\Desktop\rkill.exe
2015-10-30 19:32 - 2015-10-30 19:32 - 00891392 _____ (Farbar) C:\Users\Fujitsu\Desktop\MiniToolBox.exe
2015-10-30 17:16 - 2015-10-30 17:16 - 00000031 _____ C:\Users\Fujitsu\AppData\Local\burnaware.ini
2015-10-30 17:05 - 2015-10-30 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-30 16:48 - 2015-10-30 17:16 - 00000370 _____ C:\Users\Fujitsu\AppData\Roaming\burnaware.ini
2015-10-30 16:14 - 2015-10-30 17:03 - 00000000 ____D C:\Program Files (x86)\WinISO Computing
2015-10-30 16:14 - 2015-10-30 16:14 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\WinISO Computing
2015-10-30 16:14 - 2015-10-30 16:14 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\WinISO Computing
2015-10-30 16:13 - 2015-10-30 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-10-30 16:13 - 2015-10-30 16:17 - 00000000 ____D C:\Program Files (x86)\MagicISO
2015-10-30 13:20 - 2015-10-30 13:20 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\NVIDIA
2015-10-28 22:08 - 2015-10-28 22:27 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-28 21:04 - 2015-11-02 17:01 - 00000000 ____D C:\AdwCleaner
2015-10-28 13:11 - 2015-10-28 13:11 - 00002029 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2015-10-28 13:11 - 2015-10-28 13:11 - 00002029 _____ C:\ProgramData\Desktop\ESET Banking & Payment protection.lnk
2015-10-28 13:11 - 2015-10-28 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-10-28 12:10 - 2015-10-28 12:10 - 00000000 ____D C:\ProgramData\ESET
2015-10-26 21:49 - 2015-11-03 19:47 - 00005624 _____ C:\spyhunter.fix
2015-10-26 21:49 - 2015-10-25 16:12 - 00022400 _____ C:\windows\SysWOW64\sh4native.exe
2015-10-26 21:21 - 2015-10-26 21:21 - 00003290 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-10-25 16:59 - 2015-10-25 16:59 - 00001222 _____ C:\Users\Fujitsu\Desktop\SpyHunterPortable.exe.lnk
2015-10-25 14:27 - 2015-10-25 14:27 - 00000000 _____ C:\autoexec.bat
2015-10-21 18:25 - 2015-10-21 18:25 - 00000000 ____D C:\windows\SysWOW64\NV
2015-10-21 18:25 - 2015-10-21 18:25 - 00000000 ____D C:\windows\system32\NV
2015-10-21 18:25 - 2015-10-21 18:25 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\NVIDIA
2015-10-21 18:24 - 2015-10-21 18:24 - 00001383 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-10-21 18:24 - 2015-10-21 18:24 - 00001383 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2015-10-21 18:23 - 2015-10-21 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-21 18:23 - 2015-08-27 02:37 - 01423120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2015-10-21 18:23 - 2015-08-27 02:37 - 01316000 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2015-10-21 18:23 - 2015-08-27 02:36 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2015-10-21 18:23 - 2015-08-27 02:36 - 01710568 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2015-10-21 18:22 - 2015-11-05 12:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-21 18:22 - 2015-09-13 23:50 - 00574072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2015-10-21 18:21 - 2015-09-14 00:09 - 06884984 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 03496056 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 02558584 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 01062192 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 00937776 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2015-10-21 18:21 - 2015-09-14 00:09 - 00385144 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 00074872 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2015-10-21 18:21 - 2015-09-14 00:09 - 00062584 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2015-10-21 18:21 - 2015-09-11 14:17 - 05231082 _____ C:\windows\system32\nvcoproc.bin
2015-10-21 18:11 - 2015-09-14 02:29 - 42840368 _____ C:\windows\system32\nvcompiler.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 37819000 _____ C:\windows\SysWOW64\nvcompiler.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 18543736 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 17082928 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 15513208 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-10-21 18:11 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6435598.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6435598.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2015-10-21 18:11 - 2015-09-14 02:29 - 00033079 _____ C:\windows\system32\nvinfo.pb
2015-10-21 18:11 - 2015-09-14 02:29 - 00031352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2015-10-21 18:11 - 2015-08-11 06:52 - 00072504 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2015-10-21 18:11 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2015-10-21 18:11 - 2015-08-11 06:52 - 00050472 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2015-10-18 23:51 - 2015-10-18 23:51 - 00000618 _____ C:\Users\Fujitsu\Desktop\Edu.lnk
2015-10-17 17:53 - 2015-10-17 17:53 - 00002151 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-10-17 17:53 - 2015-10-17 17:53 - 00002151 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2015-10-17 17:53 - 2015-10-17 17:53 - 00000000 ____D C:\Users\Public\Foxit Software
2015-10-17 17:53 - 2015-10-17 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-10-16 14:29 - 2015-06-12 04:00 - 00197616 _____ (Tonec Inc.) C:\windows\system32\Drivers\idmwfp.sys
2015-10-12 18:08 - 2015-10-12 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-10-12 11:23 - 2015-10-12 11:23 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-12 11:23 - 2015-10-12 11:23 - 00001847 _____ C:\ProgramData\Desktop\QuickTime Player.lnk
2015-10-12 11:23 - 2015-10-12 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-12 11:22 - 2015-10-12 11:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-12 11:22 - 2015-10-12 11:22 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-11 16:15 - 2015-10-11 16:15 - 00000000 ____D C:\$WINDOWS.~BT
2015-10-11 16:04 - 2015-10-11 16:04 - 00000000 ___HD C:\$Windows.~WS
2015-10-07 10:20 - 2015-10-08 20:15 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\0A66083A.sys
2015-10-07 06:16 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\windows\system32\Drivers\ekbdflt.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-05 17:27 - 2009-07-14 06:45 - 00061536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 17:27 - 2009-07-14 06:45 - 00061536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 17:23 - 2014-07-17 20:12 - 00000936 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000UA.job
2015-11-05 13:00 - 2015-08-04 15:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-05 12:19 - 2014-06-03 18:08 - 00007592 _____ C:\Users\Fujitsu\AppData\Local\resmon.resmoncfg
2015-11-05 12:08 - 2015-03-10 06:51 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-05 12:06 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-04 22:27 - 2014-06-04 13:13 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\DMCache
2015-11-04 20:53 - 2015-05-03 13:40 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\TeamViewer
2015-11-04 20:17 - 2014-07-17 20:12 - 00000914 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000Core.job
2015-11-04 19:43 - 2014-06-04 13:13 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\IDM
2015-11-04 19:21 - 2014-11-09 09:22 - 00000176 _____ C:\Users\Fujitsu\Desktop\PASSWORD.txt
2015-11-04 17:45 - 2015-06-09 23:28 - 00000666 _____ C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2015-11-04 17:45 - 2014-04-30 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-03 21:12 - 2014-07-05 14:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-03 21:11 - 2014-04-30 09:03 - 00000000 ____D C:\Users\Fujitsu
2015-11-03 21:10 - 2014-07-11 16:36 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Adobe
2015-11-03 20:30 - 2014-04-30 09:37 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 20:30 - 2014-04-30 09:37 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 20:16 - 2015-06-09 23:28 - 00003374 _____ C:\windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}
2015-11-03 20:11 - 2015-06-22 06:29 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\uTorrent
2015-11-03 20:11 - 2015-01-19 18:20 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\CrashDumps
2015-11-03 18:13 - 2015-04-16 21:28 - 85491712 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2015-11-03 18:13 - 2015-04-16 21:28 - 00282624 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2015-11-03 18:13 - 2015-04-16 21:28 - 00065536 _____ C:\windows\system32\config\SAM.iodefrag.bak
2015-11-03 18:13 - 2015-04-16 21:28 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2015-11-03 15:35 - 2015-04-10 05:16 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\MPC-HC
2015-11-03 15:16 - 2015-03-30 09:50 - 00002187 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-11-03 15:16 - 2015-03-30 09:50 - 00002187 _____ C:\ProgramData\Desktop\Advanced SystemCare 8.lnk
2015-11-02 22:09 - 2015-02-28 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-02 22:09 - 2014-04-30 09:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-02 19:41 - 2015-07-16 00:47 - 00000858 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-02 19:41 - 2015-07-16 00:47 - 00000858 _____ C:\ProgramData\Desktop\PowerISO.lnk
2015-11-01 11:43 - 2014-04-30 09:44 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Skype
2015-10-31 20:43 - 2009-07-14 07:13 - 00785630 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-31 17:34 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Registration
2015-10-30 20:55 - 2015-05-02 18:54 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-10-30 17:17 - 2015-03-24 07:01 - 00001908 _____ C:\windows\diagwrn.xml
2015-10-30 17:17 - 2015-03-24 07:01 - 00001908 _____ C:\windows\diagerr.xml
2015-10-30 17:06 - 2015-07-16 00:47 - 00000000 ____D C:\Program Files\PowerISO
2015-10-30 15:50 - 2014-06-03 16:27 - 00000000 ____D C:\windows\Minidump
2015-10-30 13:51 - 2015-01-04 00:31 - 00001456 _____ C:\Users\Fujitsu\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-29 19:25 - 2014-06-04 13:13 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-10-28 22:33 - 2014-04-30 09:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-28 22:32 - 2015-07-20 16:17 - 00000000 ____D C:\Program Files (x86)\Crave
2015-10-28 15:51 - 2015-02-06 15:22 - 00000000 ____D C:\ProgramData\IObit
2015-10-28 13:50 - 2015-04-05 14:48 - 00000000 ____D C:\CFLog
2015-10-28 11:51 - 2014-06-17 19:02 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-26 21:09 - 2014-06-07 00:23 - 00000000 ____D C:\Users\Fujitsu\Documents\KONAMI
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieUserList
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieSiteList
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieBrowserModeList
2015-10-26 18:22 - 2015-03-11 14:14 - 00000000 ____D C:\windows\pss
2015-10-26 17:53 - 2015-01-29 22:30 - 00000000 ____D C:\Users\Fujitsu\Documents\Bluetooth Folder
2015-10-25 15:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PLA
2015-10-24 20:03 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-10-21 18:23 - 2014-04-30 09:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-21 18:23 - 2014-04-30 09:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-21 18:23 - 2014-04-30 09:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-21 18:21 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Help
2015-10-21 18:12 - 2014-06-13 07:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\NVIDIA Corporation
2015-10-15 18:03 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-10-15 17:50 - 2015-03-10 06:50 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-15 17:50 - 2015-03-10 06:50 - 00001108 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-15 17:50 - 2015-03-10 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 17:50 - 2015-03-10 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 17:25 - 2015-08-03 10:30 - 00000034 _____ C:\Users\Fujitsu\AppData\Roaming\AdobeWLCMCache.dat
2015-10-14 14:09 - 2014-07-11 16:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 13:57 - 2015-01-08 15:57 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 11:47 - 2014-04-30 09:39 - 00000000 ____D C:\ProgramData\Skype
2015-10-13 11:45 - 2014-04-30 19:54 - 00000000 ____D C:\windows\Panther
2015-10-12 18:08 - 2014-10-11 10:26 - 00000424 _____ C:\Users\Fujitsu\AppData\Local\UserProducts.xml
2015-10-12 11:00 - 2009-07-14 06:45 - 05548472 _____ C:\windows\system32\FNTCACHE.DAT
2015-10-11 19:22 - 2014-04-30 09:27 - 00283352 _____ C:\Users\Fujitsu\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-10 17:15 - 2015-04-06 08:54 - 00000000 ____D C:\Program Files (x86)\Steam
 
==================== Files in the root of some directories =======
 
2014-06-04 01:51 - 2008-03-09 06:25 - 0000236 ____H () C:\Program Files (x86)\Common Files\dx.reg
2014-06-04 01:51 - 2014-06-04 01:51 - 0002214 _____ () C:\Program Files (x86)\Common Files\unins000.dat
2014-06-04 01:51 - 2014-06-04 01:51 - 0728858 _____ () C:\Program Files (x86)\Common Files\unins000.exe
2014-09-18 13:05 - 2015-10-05 22:58 - 0000132 _____ () C:\Users\Fujitsu\AppData\Roaming\Adobe PNG Format CC Prefs
2014-08-04 23:45 - 2014-08-06 12:42 - 0000132 _____ () C:\Users\Fujitsu\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-03 10:30 - 2015-10-15 17:25 - 0000034 _____ () C:\Users\Fujitsu\AppData\Roaming\AdobeWLCMCache.dat
2014-10-15 16:01 - 2015-02-24 16:07 - 0000624 _____ () C:\Users\Fujitsu\AppData\Roaming\All CPU MeterV3_Settings.ini
2015-10-30 16:48 - 2015-10-30 17:16 - 0000370 _____ () C:\Users\Fujitsu\AppData\Roaming\burnaware.ini
2015-07-05 17:11 - 2015-07-05 17:13 - 0002838 _____ () C:\Users\Fujitsu\AppData\Roaming\droid4xinstaller.log
2014-10-13 21:04 - 2015-03-14 21:04 - 0000282 _____ () C:\Users\Fujitsu\AppData\Roaming\GPU MeterV2_Settings.ini
2015-04-20 15:12 - 2015-04-20 15:12 - 0000012 ___SH () C:\Users\Fujitsu\AppData\Roaming\windata.xfd
2015-05-19 17:17 - 2015-05-19 17:20 - 182572124 _____ () C:\Users\Fujitsu\AppData\Local\ACCCx3_0_1_88.zip.aamdownload
2015-05-19 17:17 - 2015-05-19 17:20 - 0002194 _____ () C:\Users\Fujitsu\AppData\Local\ACCCx3_0_1_88.zip.aamdownload.aamd
2015-06-25 20:29 - 2015-06-25 20:32 - 212590361 _____ () C:\Users\Fujitsu\AppData\Local\ACCCx3_1_2_114.2.zip.aamdownload
2015-06-25 20:29 - 2015-06-25 20:31 - 0002491 _____ () C:\Users\Fujitsu\AppData\Local\ACCCx3_1_2_114.2.zip.aamdownload.aamd
2015-01-04 00:31 - 2015-10-30 13:51 - 0001456 _____ () C:\Users\Fujitsu\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-30 17:16 - 2015-10-30 17:16 - 0000031 _____ () C:\Users\Fujitsu\AppData\Local\burnaware.ini
2014-06-03 18:08 - 2015-11-05 12:19 - 0007592 _____ () C:\Users\Fujitsu\AppData\Local\resmon.resmoncfg
2014-10-11 10:26 - 2014-10-11 10:26 - 0000003 _____ () C:\Users\Fujitsu\AppData\Local\updater.log
2014-10-11 10:26 - 2015-10-12 18:08 - 0000424 _____ () C:\Users\Fujitsu\AppData\Local\UserProducts.xml
2014-09-25 11:46 - 2014-09-25 11:52 - 0000000 _____ () C:\Users\Fujitsu\AppData\Local\{B1BE380B-8194-448D-8B79-8DC140432D7D}
2014-09-28 11:21 - 2014-09-28 11:24 - 0000000 _____ () C:\Users\Fujitsu\AppData\Local\{C1BEE54D-BC9F-4ADD-BA92-D6A3422BCFA5}
2015-11-05 12:08 - 2015-11-05 12:08 - 0000000 ____H () C:\ProgramData\cm-lock
2015-01-19 20:34 - 2015-04-16 19:24 - 0001981 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe
[2015-04-05 13:52] - [2015-04-05 13:52] - 2909696 ____A (Microsoft Corporation) FEB6A35119B07A3A7EF01C83E2072B65
 
C:\windows\SysWOW64\explorer.exe
[2015-04-05 13:52] - [2015-04-05 13:52] - 2654208 ____A (Microsoft Corporation) 909033C1D012FF81A8777BA986C6763C
 
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 17:35
 
==================== End of FRST.txt ============================
 
 
Addition.txt attached to the post
 
Thanks for your efforts to help us; I am waiting for your precious help.


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 AM

Posted 05 November 2015 - 03:05 PM

Hello screamgfx and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
#3 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 05 November 2015 - 03:31 PM

Okay, thanks.

But I have one question about disabling the antivirus.

I have ESET and Malwarebytes, so if I disable at least Malwarebytes, won't my computer get even more infected due to the malicious web page I get redirected to?



#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 AM

Posted 05 November 2015 - 05:18 PM

Hi screamgfx,
 
Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
********************************************************************************************************
IObit software products are installed on your system!

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

 
 
Please do the following,
 
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • SpyHunter
  • Skillbrains
  • µTorrent
  • BitTorrent
  • IObit Uninstaller
  • Advanced SystemCare 8
  • HitmanPro 3.7
  • Sophos Virus Removal Tool
  • C:\Program Files (x86)\IObit
  • C:\Program Files (x86)\Skillbrains
  • C:\Program Files\HitmanPro

After completing uninstalls, please manually reboot your machine!

1. If you get a message like "An error occurred while trying to uninstall", just press Yes.
2. If you are unable to uninstall all programs, please inform me, but continue with the other steps.
 
And reboot the PC.
======================================================================================

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPCleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

How is the situation now?


#5 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 05 November 2015 - 08:08 PM

Okay, I went through the list and uninstalled them with Revo Uninstaller to get rid of their leftovers too, and removed the rest manually from the locations you mentioned.

And I can say they were putting a load on my computer that I never thought these applications would make. It's a little faster now, I can say...

 

So, here's the first log (FixLog):

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Fujitsu (2015-11-06 01:18:16) Run:1
Running from E:\IMP
Loaded Profiles: Fujitsu (Available Profiles: Fujitsu & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {08080CF4-DAFE-48BE-9B81-5BC3A06617A7} - System32\Tasks\{280BBAF0-9DC6-41B2-930E-CFC036838898} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=1618
Task: {0B4E8FFB-FDD0-4E52-9E11-C77AF544575C} - System32\Tasks\{901A4D26-32FC-405B-8639-CED288845A3A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=1618
Task: {18CF3485-9CFC-4B37-B6A9-301541BB92DF} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Fujitsu\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-14] () <==== ATTENTION
Task: {2540353A-D1D4-4534-88DA-CAE96813E297} - System32\Tasks\{5CB50055-3334-40FB-B884-3BF21F2A0A1C} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=12002
Task: {618D14DB-D608-4CF5-BFEB-E6794476A186} - System32\Tasks\SpyHunter4Startup => E:\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\SpyHunter4.exe [2015-10-25] (Enigma Software Group USA, LLC.)
Task: {97AEBE9B-9712-439E-AB37-04475BA9BF3C} - System32\Tasks\Uninstaller_SkipUac_Fujitsu => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {CDDF0FB6-A970-44F1-9F2A-0EF9E2C1ABBE} - System32\Tasks\ASC8_SkipUac_Fujitsu => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {E3710C8F-F971-468A-B7F4-62FB41ACB25F} - System32\Tasks\{41971447-9023-4C76-9ED0-B594E5D8EE2C} => pcalua.exe -a E:\dotnetfx35.exe -d C:\Users\Fujitsu\AppData\Roaming\IDM
Task: C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Fujitsu\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe?-RunCheckUpdate C:\Users\Fujitsu\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
2015-03-12 09:20 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-12 09:20 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-12 09:20 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
AlternateDataStreams: C:\Windows:nlsPreferences
IE trusted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\sharepoint.com -> hxxps://commerceasuedu.sharepoint.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\100sexlinks.com -> 100sexlinks.com
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\...\MountPoints2: {461e049c-d034-11e3-87f7-806e6f6e6963} - F:\start.exe
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2728587893-4226705378-2779304957-1000: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
C:\Program Files\HitmanPro\hmpsched.exe
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
S3 vssbrigde64; no ImagePath
S3 esgiguard; E:\SpyHunter 4.20.9.4533 Portable - AppzDam\App\SpyHunter\esgiguard.sys [15920 2015-10-25] (Enigma Software Group USA, LLC.)
S3 WinRing0_1_2_0; no ImagePath
S3 X6va021; no ImagePath
S3 X6va022; no ImagePath
S3 X6va023; no ImagePath
S3 X6va025; no ImagePath
S3 xhunter1; no ImagePath
S3 cpuz137; \??\C:\Users\Fujitsu\AppData\Local\Temp\cpuz137\cpuz137_x64.sys
VGPU; System32\drivers\rdvgkmd.sys
2015-11-05 12:25 - 2015-11-05 12:25 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-05 12:25 - 2015-11-05 12:25 - 00001899 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2015-11-05 12:25 - 2015-11-05 12:25 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-05 12:25 - 2015-11-05 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
C:\asc_rdflag
 C:\ProgramData\McAfee
C:\Users\Fujitsu\AppData\Roaming\ProductData
C:\ProgramData\Sophos
2015-11-02 17:47 - 2015-11-02 17:47 - 00000000 ____D C:\ProgramData\Sophos
2015-11-02 17:44 - 2015-11-02 17:44 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-11-02 17:44 - 2015-11-02 17:44 - 00002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2015-11-02 17:44 - 2015-11-02 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-02 17:43 - 2015-11-02 17:43 - 00000000 ____D C:\Program Files (x86)\Sophos
C:\ProgramData\HitmanPro
C:\spyhunter.fix
2015-10-26 21:21 - 2015-10-26 21:21 - 00003290 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-10-25 16:59 - 2015-10-25 16:59 - 00001222 _____ C:\Users\Fujitsu\Desktop\SpyHunterPortable.exe.lnk
2015-10-25 14:27 - 2015-10-25 14:27 - 00000000 _____ C:\autoexec.bat
2015-11-04 22:27 - 2014-06-04 13:13 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\DMCache
2015-11-04 20:53 - 2015-05-03 13:40 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\TeamViewer
C:\Users\Fujitsu\AppData\Roaming\IDM
C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2015-11-03 15:35 - 2015-04-10 05:16 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\MPC-HC
2015-11-03 15:16 - 2015-03-30 09:50 - 00002187 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-11-03 15:16 - 2015-03-30 09:50 - 00002187 _____ C:\ProgramData\Desktop\Advanced SystemCare 8.lnk
2015-10-28 15:51 - 2015-02-06 15:22 - 00000000 ____D C:\ProgramData\IObit
2015-10-28 13:50 - 2015-04-05 14:48 - 00000000 ____D C:\CFLog
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieUserList
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieSiteList
2015-10-26 19:40 - 2015-05-06 19:53 - 00000000 __SHD C:\Users\Fujitsu\AppData\LocalLow\EmieBrowserModeList
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08080CF4-DAFE-48BE-9B81-5BC3A06617A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08080CF4-DAFE-48BE-9B81-5BC3A06617A7}" => key removed successfully
C:\windows\System32\Tasks\{280BBAF0-9DC6-41B2-930E-CFC036838898} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{280BBAF0-9DC6-41B2-930E-CFC036838898}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B4E8FFB-FDD0-4E52-9E11-C77AF544575C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B4E8FFB-FDD0-4E52-9E11-C77AF544575C}" => key removed successfully
C:\windows\System32\Tasks\{901A4D26-32FC-405B-8639-CED288845A3A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{901A4D26-32FC-405B-8639-CED288845A3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18CF3485-9CFC-4B37-B6A9-301541BB92DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18CF3485-9CFC-4B37-B6A9-301541BB92DF}" => key removed successfully
C:\windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2540353A-D1D4-4534-88DA-CAE96813E297}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2540353A-D1D4-4534-88DA-CAE96813E297}" => key removed successfully
C:\windows\System32\Tasks\{5CB50055-3334-40FB-B884-3BF21F2A0A1C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CB50055-3334-40FB-B884-3BF21F2A0A1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{618D14DB-D608-4CF5-BFEB-E6794476A186}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{618D14DB-D608-4CF5-BFEB-E6794476A186}" => key removed successfully
C:\windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97AEBE9B-9712-439E-AB37-04475BA9BF3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97AEBE9B-9712-439E-AB37-04475BA9BF3C}" => key removed successfully
C:\windows\System32\Tasks\Uninstaller_SkipUac_Fujitsu => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Fujitsu" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDDF0FB6-A970-44F1-9F2A-0EF9E2C1ABBE} => key not found. 
C:\windows\System32\Tasks\ASC8_SkipUac_Fujitsu => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_SkipUac_Fujitsu => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3710C8F-F971-468A-B7F4-62FB41ACB25F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3710C8F-F971-468A-B7F4-62FB41ACB25F}" => key removed successfully
C:\windows\System32\Tasks\{41971447-9023-4C76-9ED0-B594E5D8EE2C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41971447-9023-4C76-9ED0-B594E5D8EE2C}" => key removed successfully
C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => moved successfully
"C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl" => not found.
"C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl" => not found.
"C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl" => not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0190-dialers.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\01i.info" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\02pmnzy5eo29bfk4.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\07ic5do2myz3vzpk.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\08nigbmwk43i01y6.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\093qpeuqpmz6ebfa.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0calories.net" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0cj.net" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-britney-spears-nude.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-se.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001movie.com" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001night.biz" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100gal.net" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lightshot => value not found.
"C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe" => not found.
HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461e049c-d034-11e3-87f7-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{461e049c-d034-11e3-87f7-806e6f6e6963} => key not found. 
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\MozillaPlugins\eagleget.com/EagleGet64" => key removed successfully
C:\Program Files (x86)\EagleGet\npEagleget64.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found.
"C:\Program Files\HitmanPro\hmpsched.exe" => not found.
AdvancedSystemCareService8 => service not found.
HitmanProScheduler => service removed successfully
LiveUpdateSvc => service removed successfully
vssbrigde64 => service removed successfully
esgiguard => service removed successfully
WinRing0_1_2_0 => service removed successfully
X6va021 => service removed successfully
X6va022 => service removed successfully
X6va023 => service removed successfully
X6va025 => service removed successfully
xhunter1 => service removed successfully
cpuz137 => service removed successfully
VGPU; System32\drivers\rdvgkmd.sys => Error: No automatic fix found for this entry.
"C:\Users\Public\Desktop\HitmanPro.lnk" => not found.
"C:\ProgramData\Desktop\HitmanPro.lnk" => not found.
"C:\Program Files\HitmanPro" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro => moved successfully
C:\asc_rdflag => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Users\Fujitsu\AppData\Roaming\ProductData => moved successfully
C:\ProgramData\Sophos => moved successfully
"C:\ProgramData\Sophos" => not found.
"C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk" => not found.
"C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos => moved successfully
"C:\Program Files (x86)\Sophos" => not found.
C:\ProgramData\HitmanPro => moved successfully
"C:\spyhunter.fix" => not found.
"C:\windows\System32\Tasks\SpyHunter4Startup" => not found.
"C:\Users\Fujitsu\Desktop\SpyHunterPortable.exe.lnk" => not found.
C:\autoexec.bat => moved successfully
C:\Users\Fujitsu\AppData\Roaming\DMCache => moved successfully
C:\Users\Fujitsu\AppData\Roaming\TeamViewer => moved successfully
C:\Users\Fujitsu\AppData\Roaming\IDM => moved successfully
"C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job" => not found.
C:\Users\Fujitsu\AppData\Roaming\MPC-HC => moved successfully
"C:\Users\Public\Desktop\Advanced SystemCare 8.lnk" => not found.
"C:\ProgramData\Desktop\Advanced SystemCare 8.lnk" => not found.
C:\ProgramData\IObit => moved successfully
C:\CFLog => moved successfully
C:\Users\Fujitsu\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Fujitsu\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\Fujitsu\AppData\LocalLow\EmieBrowserModeList => moved successfully
"C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job" => not found.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 492.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 01:20:50 ====
 
_________________________________________________________________________
 
AdwCleaner log:
 

# AdwCleaner v5.018 - Logfile created 06/11/2015 at 01:46:25
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Fujitsu - FUJITSU-PC
# Running from : C:\Users\Fujitsu\Desktop\adwcleaner_5.018.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1902 bytes] ##########
 ____________________________________________________________________________
 
JRT log :
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Fujitsu on Fri 11/06/2015 at  1:52:10.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster
 
 
 
~~~ Chrome
 
 
[C:\Users\Fujitsu\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Fujitsu\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Fujitsu\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Fujitsu\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/06/2015 at  1:57:58.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________________________________

ZHP Cleaner Log:

 

~ ZHPCleaner v2015.11.4.373 by Nicolas Coolman (2015/11/04)
~ Run by Fujitsu (Administrator)  (06/11/2015 02:05:18)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Fujitsu\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Fujitsu\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896]  =>Hijacker.Proxy
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (85)
MOVED file: C:\Windows\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_6FEFF9B68218417F98F549.exe    =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
MOVED folder: C:\windows\Installer\MSI12E2.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI142B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI19C3.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI1CE5.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI1DAB.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI1DD.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI1E7B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI2589.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI2951.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI30ED.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI3AA2.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI3FFF.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI42ED.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI4426.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI5174.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI58EE.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI71F8.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7350.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI743B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI746D.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI75B6.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI77C9.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7843.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7A45.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7C77.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7ED9.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI7F9A.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI805B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI8140.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI8404.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI856B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI8684.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI8881.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI9412.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI950C.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI97CF.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI9B2E.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI9C57.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI9CAE.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSI9DDC.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA2C8.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA4A0.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA524.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA522.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA71C.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA7D8.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA93E.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIA98B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIAA51.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIAB4D.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIAD62.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIAF24.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIAFDA.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIB179.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIB3CA.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIB54D.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIB6E8.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIB7E6.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIBDE.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIBE65.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIC261.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIC442.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIC56A.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIC684.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIC6D2.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSICB04.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSICB17.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSICCFC.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSICDEB.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSICFEF.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSID16B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSID23F.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSID87B.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIDB4A.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIDB5E.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIDD43.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIDF31.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIE10.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIE1E5.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIE4F3.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIE891.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIF8B8.tmp-  =>Empty
MOVED folder: C:\windows\Installer\MSIFA12.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (12)
DELETED key*: HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Skillbrains []  =>PUP.Optional.Skillbrains
DELETED key: HKCU\Software\Skillbrains []  =>PUP.Optional.Skillbrains
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller.1 [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes.1 [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1 [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SkillBrains []  =>PUP.Optional.Skillbrains
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Topaz Detail 3 [Topaz Labs, LLC]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\4C7D129C7D420124EA9EFD5CDD7C4882 [Topaz Detail 2]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\4C7D129C7D420124EA9EFD5CDD7C4882 []  =>PUP.Optional.Multiplug
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 516
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 98
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-06112015-02_05_38.txt
ZHPCleaner-[S]-06112015-02_03_46.txt
_____________________________________________________________
 
Emsisoft Log: 
 

Emsisoft Emergency Kit - Version 10.0
Last update: 11/6/2015 2:39:45 AM
User account: Fujitsu-PC\Fujitsu
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/6/2015 2:41:16 AM
Value: HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Program Files\PowerISO\uninstall.exe detected: Application.Win32.AdBundle (A)
 
Scanned 74335
Found 3
 
Scan end: 11/6/2015 2:46:42 AM
Scan time: 0:05:26
 
C:\Program Files\PowerISO\uninstall.exe Quarantined Application.Win32.AdBundle (A)
Value: HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 3
__________________________________________________

About the situation now... I don't know if I should've rebooted the system before trying, but the redirecting thing still happens and the ad box still appears, but at least my PC is faster now, I can say.

I thought ZHPCleaner got the bug because it detected a hijacker.proxy or something like that, but I'm not sure whether it was a mistake to try the browser before the reboot or not, like if I reactivated it again or something ... I don't really know.

Here's what you asked for anyway, and I'll be waiting for your reply :)
#6 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:57 AM

Posted 05 November 2015 - 08:58 PM

Nice, screamgfx,
 
Step 1:
Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Step 3:
Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
#7 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 06 November 2015 - 04:54 AM

MalwareBytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/6/2015
Scan Time: 9:42 AM
Logfile: Bytes.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.06.01
Rootkit Database: v2015.11.04.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fujitsu
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386658
Time Elapsed: 45 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
________________________________________
 
Combofix Log:
 

ComboFix 15-11-05.01 - Fujitsu 11/06/2015  10:52:36.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.8100.5920 [GMT 2:00]
Running from: c:\users\Fujitsu\Desktop\ComboFix.exe
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fujitsu\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-06 to 2015-11-06  )))))))))))))))))))))))))))))))
.
.
2015-11-06 00:30 . 2015-11-06 00:31 -------- d-----w- C:\EEK
2015-11-05 23:58 . 2015-11-06 00:05 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\ZHP
2015-11-05 23:24 . 2015-11-06 09:12 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\DMCache
2015-11-05 23:24 . 2015-11-05 23:35 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\IDM
2015-11-05 16:24 . 2015-11-05 23:23 -------- d-----w- C:\FRST
2015-11-03 07:10 . 2015-11-03 07:10 -------- d-----w- c:\users\Fujitsu\AppData\Local\Macromedia
2015-11-01 23:58 . 2015-11-02 00:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-11-01 09:25 . 2015-11-01 09:25 -------- d-----w- c:\program files (x86)\ESET
2015-10-30 14:14 . 2015-10-30 14:14 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\WinISO Computing
2015-10-30 14:14 . 2015-10-30 14:14 -------- d-----w- c:\users\Fujitsu\AppData\Local\WinISO Computing
2015-10-30 14:14 . 2015-10-30 15:03 -------- d-----w- c:\program files (x86)\WinISO Computing
2015-10-30 11:20 . 2015-10-30 11:20 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\NVIDIA
2015-10-28 19:04 . 2015-11-05 23:46 -------- d-----w- C:\AdwCleaner
2015-10-26 22:19 . 2015-10-26 22:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD32C099-5ECE-49E9-B8E1-F5A4DCBDA29A}\offreg.4456.dll
2015-10-26 19:49 . 2015-10-25 14:12 22400 ----a-w- c:\windows\SysWow64\sh4native.exe
2015-10-26 18:47 . 2015-10-20 02:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD32C099-5ECE-49E9-B8E1-F5A4DCBDA29A}\mpengine.dll
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\users\Fujitsu\AppData\Local\NVIDIA
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\windows\SysWow64\NV
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\windows\system32\NV
2015-10-21 16:23 . 2015-08-27 00:36 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-10-21 16:23 . 2015-08-27 00:36 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-10-21 16:23 . 2015-08-27 00:37 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-10-21 16:23 . 2015-08-27 00:37 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-10-21 16:22 . 2015-11-06 09:10 -------- d-----w- c:\programdata\NVIDIA
2015-10-21 16:22 . 2015-09-13 21:50 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-10-21 16:21 . 2015-09-13 22:09 74872 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-10-21 16:21 . 2015-09-13 22:09 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-10-21 16:21 . 2015-09-13 22:09 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-10-21 16:21 . 2015-09-13 22:09 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-10-21 16:21 . 2015-09-13 22:09 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-21 16:21 . 2015-09-13 22:09 1062192 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-10-21 16:21 . 2015-09-13 22:09 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-10-21 16:21 . 2015-09-13 22:09 3496056 ----a-w- c:\windows\system32\nvsvc64.dll
2015-10-21 16:21 . 2015-09-11 12:17 5231082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-10-17 15:53 . 2015-10-17 15:53 -------- d-----w- c:\users\Public\Foxit Software
2015-10-16 12:29 . 2015-06-12 02:00 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-10-12 09:22 . 2015-10-12 09:23 -------- d-----w- c:\program files (x86)\QuickTime
2015-10-12 09:22 . 2015-10-12 09:22 -------- d-----w- c:\programdata\Apple Computer
2015-10-11 14:15 . 2015-10-11 14:15 -------- d-----w- C:\$WINDOWS.~BT
2015-10-11 14:04 . 2015-10-11 14:04 -------- d-----w- C:\$Windows.~WS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-10-16 3911248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\program files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Spring;Spring; [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap-tb-0901;TunnelBear Adapter V9;c:\windows\system32\DRIVERS\tap-tb-0901.sys;c:\windows\SYSNATIVE\DRIVERS\tap-tb-0901.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 X6va031;X6va031;c:\windows\SysWOW64\Drivers\X6va031;c:\windows\SysWOW64\Drivers\X6va031 [x]
R3 X6va060;X6va060;c:\windows\SysWOW64\Drivers\X6va060;c:\windows\SysWOW64\Drivers\X6va060 [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 CronService;Cron Service;c:\windows\Prey\wpxsvc.exe;c:\windows\Prey\wpxsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 FUJ02E3Service;FUJ02E3Service;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-03 19:20 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000Core.job
- c:\users\Fujitsu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-17 18:12]
.
2015-11-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000UA.job
- c:\users\Fujitsu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-17 18:12]
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 19:12]
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 19:12]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000Core.job
- c:\users\Fujitsu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-04 21:03]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000UA.job
- c:\users\Fujitsu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-04 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 31.3.252.70 37.220.8.189
TCP: Interfaces\{BEE40092-C95A-4A02-8681-20E2A170A759}\14E64627F696461405: NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-PowerISO - c:\program files\PowerISO\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va031]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va031"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va060]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va060"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{927A1256-B7D0-07A2-9F88-684B1487B07F}*]
"haghdnpdiobdcfmh"=hex:6a,61,62,70,69,62,68,6c,70,65,6e,63,6e,6d,6b,66,61,6e,
   6e,62,00,00
"iamdbpfjfejdaeeebj"=hex:6a,61,62,70,65,62,6c,6f,65,65,62,6b,6f,66,6f,6c,6c,65,
   64,69,00,00
.
[HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a9,d1,1f,e2,28,78,50,18,04,2d,db,30,85,09,cd,42,c7,d0,b6,27,61,
   9f,8e,91,c0,a8,70,99,6f,7d,77,5e,9c,70,b3,f2,97,63,c8,3d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000_Classes\Wow6432Node\CLSID\{e0bbc8b3-b915-46bd-926f-6ea8fd47281c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e0
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Prey\versions\1.4.2\node_modules\triggers\bin\lightevt.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2015-11-06  11:19:22 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-06 09:19
.
Pre-Run: 50,304,389,120 bytes free
Post-Run: 49,878,519,808 bytes free
.
- - End Of File - - F1612DC41A96BC719DA253742A3B12AE
A36C5E4F47E84449FF07ED3517B43A31
 
_________________________________________
RogueKiller log:
 

RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fujitsu [Administrator]
Started from : C:\Users\Fujitsu\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/06/2015 11:47:42
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] IDMan.exe(1844) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 7 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Run | IDMan : C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [-][x] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D765A530-D99F-44B9-8003-4C36EF8286D2} | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D765A530-D99F-44B9-8003-4C36EF8286D2} | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D765A530-D99F-44B9-8003-4C36EF8286D2} | DhcpNameServer : 31.3.252.70 37.220.8.189 ([INDIA (IN)][-])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 4846052667563dba97d0952c7d582aaa
[BSP] 3dbbddb0c5ef8b83ec8d96eb6645cd2a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206892 | Size: 148963 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 305288625 | Size: 204799 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724719088 | Size: 600000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 4846052667563dba97d0952c7d582aaa
[BSP] 3dbbddb0c5ef8b83ec8d96eb6645cd2a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206892 | Size: 148963 MB [Error reading VBR! ([1] Incorrect function. )]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 305288625 | Size: 204799 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724719088 | Size: 600000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
 


#8 olgun52 (Malware Response Team, 3,790 posts)

Posted 06 November 2015 - 11:52 AM

Hi screamgfx,

> Windows Firewall is enabled.
> ESET Smart Security-Enabled

Two firewalls running
No, this is not true. You cannot; your machine will be slowed down or may crash.
You have to choose which one you like.
------------------------------------------------------------------------------------------------------------------------------------------
 
:Run CFScript:

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
****************************************************************************************************************************************

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications Here
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
 
How is the machine running now?
 
Attached File: CFScript.txt (944 bytes)

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 screamgfx (Topic Starter, Members, 44 posts, Location: Egypt, Cairo)

Posted 06 November 2015 - 01:36 PM

The machine is getting faster and clean, thanks to you :)

But I'm still getting the redirecting tabs :(

And about the firewalls, I stopped Windows Defender as it's outdated.

I don't know if that's okay for now or not... anyway, here are the logs.

 

Combofix Log:

 

ComboFix 15-11-05.01 - Fujitsu 11/06/2015  19:24:16.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.8100.5902 [GMT 2:00]
Running from: c:\users\Fujitsu\Desktop\ComboFix.exe
Command switches used :: c:\users\Fujitsu\Desktop\CFScript.txt
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA029
-------\Legacy_X6VA031
-------\Legacy_X6VA060
-------\Service_X6va029
-------\Service_X6va031
-------\Service_X6va060
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-06 to 2015-11-06  )))))))))))))))))))))))))))))))
.
.
2015-11-06 17:40 . 2015-11-06 17:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-11-06 17:40 . 2015-11-06 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-06 09:28 . 2015-11-06 09:28 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-06 09:28 . 2015-11-06 09:49 -------- d-----w- c:\programdata\RogueKiller
2015-11-06 00:30 . 2015-11-06 00:31 -------- d-----w- C:\EEK
2015-11-05 23:58 . 2015-11-06 00:05 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\ZHP
2015-11-05 23:24 . 2015-11-06 17:40 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\DMCache
2015-11-05 23:24 . 2015-11-05 23:35 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\IDM
2015-11-05 16:24 . 2015-11-05 23:23 -------- d-----w- C:\FRST
2015-11-03 07:10 . 2015-11-03 07:10 -------- d-----w- c:\users\Fujitsu\AppData\Local\Macromedia
2015-11-01 23:58 . 2015-11-02 00:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-11-01 09:25 . 2015-11-01 09:25 -------- d-----w- c:\program files (x86)\ESET
2015-10-30 14:14 . 2015-10-30 14:14 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\WinISO Computing
2015-10-30 14:14 . 2015-10-30 14:14 -------- d-----w- c:\users\Fujitsu\AppData\Local\WinISO Computing
2015-10-30 14:14 . 2015-10-30 15:03 -------- d-----w- c:\program files (x86)\WinISO Computing
2015-10-30 11:20 . 2015-10-30 11:20 -------- d-----w- c:\users\Fujitsu\AppData\Roaming\NVIDIA
2015-10-28 19:04 . 2015-11-05 23:46 -------- d-----w- C:\AdwCleaner
2015-10-26 22:19 . 2015-10-26 22:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD32C099-5ECE-49E9-B8E1-F5A4DCBDA29A}\offreg.4456.dll
2015-10-26 19:49 . 2015-10-25 14:12 22400 ----a-w- c:\windows\SysWow64\sh4native.exe
2015-10-26 18:47 . 2015-10-20 02:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD32C099-5ECE-49E9-B8E1-F5A4DCBDA29A}\mpengine.dll
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\users\Fujitsu\AppData\Local\NVIDIA
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\windows\SysWow64\NV
2015-10-21 16:25 . 2015-10-21 16:25 -------- d-----w- c:\windows\system32\NV
2015-10-21 16:23 . 2015-08-27 00:36 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-10-21 16:23 . 2015-08-27 00:36 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-10-21 16:23 . 2015-08-27 00:37 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-10-21 16:23 . 2015-08-27 00:37 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-10-21 16:22 . 2015-11-06 17:41 -------- d-----w- c:\programdata\NVIDIA
2015-10-21 16:22 . 2015-09-13 21:50 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-10-21 16:21 . 2015-09-13 22:09 74872 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-10-21 16:21 . 2015-09-13 22:09 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-10-21 16:21 . 2015-09-13 22:09 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-10-21 16:21 . 2015-09-13 22:09 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-10-21 16:21 . 2015-09-13 22:09 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-21 16:21 . 2015-09-13 22:09 1062192 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-10-21 16:21 . 2015-09-13 22:09 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-10-21 16:21 . 2015-09-13 22:09 3496056 ----a-w- c:\windows\system32\nvsvc64.dll
2015-10-21 16:21 . 2015-09-11 12:17 5231082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-10-17 15:53 . 2015-10-17 15:53 -------- d-----w- c:\users\Public\Foxit Software
2015-10-16 12:29 . 2015-06-12 02:00 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-10-12 09:23 . 2015-10-12 09:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-10-12 09:22 . 2015-10-12 09:23 -------- d-----w- c:\program files (x86)\QuickTime
2015-10-12 09:22 . 2015-10-12 09:22 -------- d-----w- c:\programdata\Apple Computer
2015-10-11 14:15 . 2015-10-11 14:15 -------- d-----w- C:\$WINDOWS.~BT
2015-10-11 14:04 . 2015-10-11 14:04 -------- d-----w- C:\$Windows.~WS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-06 17:43 . 2015-03-10 04:51 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-03 18:30 . 2014-04-30 07:37 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-03 18:30 . 2014-04-30 07:37 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-08 18:15 . 2015-10-07 08:20 113880 ----a-w- c:\windows\system32\drivers\0A66083A.sys
2015-10-07 04:16 . 2015-10-07 04:16 142976 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2015-10-05 07:50 . 2015-03-10 04:49 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-03-10 04:49 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-03-10 04:49 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-28 14:59 . 2015-09-28 14:59 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-09-28 14:59 . 2015-09-28 14:59 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-09-28 14:59 . 2015-09-28 14:59 97112 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-09-28 14:59 . 2015-09-28 14:59 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-09-28 14:59 . 2015-09-28 14:59 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-09-28 14:59 . 2015-09-28 14:59 31232 ----a-w- c:\windows\system32\lsass.exe
2015-09-28 14:59 . 2015-09-28 14:59 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-09-28 14:59 . 2015-09-28 14:59 28160 ----a-w- c:\windows\system32\secur32.dll
2015-09-28 14:59 . 2015-09-28 14:59 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-09-28 14:59 . 2015-09-28 14:59 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-09-28 14:59 . 2015-09-28 14:59 157016 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-09-28 14:59 . 2015-09-28 14:59 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-09-28 14:59 . 2015-09-28 14:59 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-09-28 14:59 . 2015-09-28 14:59 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-09-28 14:59 . 2015-09-28 14:59 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-09-28 14:59 . 2015-09-28 14:59 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-09-28 14:59 . 2015-09-28 14:59 729088 ----a-w- c:\windows\system32\kerberos.dll
2015-09-28 14:59 . 2015-09-28 14:59 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-09-28 14:59 . 2015-09-28 14:59 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-09-28 14:59 . 2015-09-28 14:59 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-09-28 14:59 . 2015-09-28 14:59 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-09-28 14:59 . 2015-09-28 14:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-09-28 14:59 . 2015-09-28 14:59 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-09-28 14:59 . 2015-09-28 14:59 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-09-28 14:59 . 2015-09-28 14:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-09-28 14:59 . 2015-09-28 14:59 22016 ----a-w- c:\windows\system32\credssp.dll
2015-09-28 14:59 . 2015-09-28 14:59 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-09-28 14:59 . 2015-09-28 14:59 129024 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-09-28 14:59 . 2015-09-28 14:59 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-28 14:59 . 2015-09-28 14:59 290816 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-09-28 14:59 . 2015-09-28 14:59 159232 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-09-28 14:59 . 2015-09-28 14:59 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-09-28 14:59 . 2015-09-28 14:59 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-09-28 14:59 . 2015-09-28 14:59 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-09-28 14:59 . 2015-09-28 14:59 22528 ----a-w- c:\windows\system32\icaapi.dll
2015-09-28 14:59 . 2015-09-28 14:59 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-09-28 14:59 . 2015-09-28 14:59 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-09-28 14:59 . 2015-09-28 14:59 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-28 14:59 . 2015-09-28 14:59 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-09-28 14:59 . 2015-09-28 14:59 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-09-23 12:35 . 2015-09-23 12:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-23 12:35 . 2015-09-23 12:35 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-23 12:35 . 2015-09-23 12:35 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-23 12:35 . 2015-09-23 12:35 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-23 12:35 . 2015-09-23 12:35 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-23 12:35 . 2015-09-23 12:35 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-23 12:35 . 2015-09-23 12:35 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-23 12:35 . 2015-09-23 12:35 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-23 12:35 . 2015-09-23 12:35 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-23 12:35 . 2015-09-23 12:35 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-23 12:35 . 2015-09-23 12:35 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-23 12:34 . 2015-09-23 12:34 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-18 12:33 . 2015-02-28 12:42 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-18 12:31 . 2015-09-18 12:31 901264 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2015-09-18 12:31 . 2015-09-18 12:31 66400 ----a-w- c:\windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 22368 ----a-w- c:\windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 19808 ----a-w- c:\windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 14176 ----a-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12640 ----a-w- c:\windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12640 ----a-w- c:\windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 17760 ----a-w- c:\windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 17760 ----a-w- c:\windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 16224 ----a-w- c:\windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 15712 ----a-w- c:\windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 14176 ----a-w- c:\windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 13664 ----a-w- c:\windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12640 ----a-w- c:\windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\SysWow64\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 984448 ----a-w- c:\windows\system32\ucrtbase.dll
2015-09-18 12:31 . 2015-09-18 12:31 63840 ----a-w- c:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 20832 ----a-w- c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 19808 ----a-w- c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 17760 ----a-w- c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 17760 ----a-w- c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 15712 ----a-w- c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 14176 ----a-w- c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12640 ----a-w- c:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12640 ----a-w- c:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 12128 ----a-w- c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-18 12:31 . 2015-09-18 12:31 11616 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-21 18:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-10-16 3911248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\program files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Spring;Spring; [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap-tb-0901;TunnelBear Adapter V9;c:\windows\system32\DRIVERS\tap-tb-0901.sys;c:\windows\SYSNATIVE\DRIVERS\tap-tb-0901.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 CronService;Cron Service;c:\windows\Prey\wpxsvc.exe;c:\windows\Prey\wpxsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 FUJ02E3Service;FUJ02E3Service;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-03 19:20 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000Core.job
- c:\users\Fujitsu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-17 18:12]
.
2015-11-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000UA.job
- c:\users\Fujitsu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-17 18:12]
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 19:12]
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03 19:12]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000Core.job
- c:\users\Fujitsu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-04 21:03]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728587893-4226705378-2779304957-1000UA.job
- c:\users\Fujitsu\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-04 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-23 06:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 31.3.252.70 37.220.8.189
TCP: Interfaces\{BEE40092-C95A-4A02-8681-20E2A170A759}\14E64627F696461405: NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PowerISO - c:\program files\PowerISO\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{927A1256-B7D0-07A2-9F88-684B1487B07F}*]
"haghdnpdiobdcfmh"=hex:6a,61,62,70,69,62,68,6c,70,65,6e,63,6e,6d,6b,66,61,6e,
   6e,62,00,00
"iamdbpfjfejdaeeebj"=hex:6a,61,62,70,65,62,6c,6f,65,65,62,6b,6f,66,6f,6c,6c,65,
   64,69,00,00
.
[HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000_Classes\Wow6432Node\CLSID\{e0bbc8b3-b915-46bd-926f-6ea8fd47281c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e0
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Prey\versions\1.4.2\node_modules\triggers\bin\lightevt.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2015-11-06  19:50:20 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-06 17:50
ComboFix2.txt  2015-11-06 09:19
.
Pre-Run: 49,424,400,384 bytes free
Post-Run: 49,114,132,480 bytes free
.
- - End Of File - - 805FDEB69E5EDF4FC88F14D1CEAFE606
A36C5E4F47E84449FF07ED3517B43A31
 
______________________________________________________________________
 
Zoek log:
 

 
Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by Fujitsu on Fri 11/06/2015 at 19:59:47.61.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fujitsu\Desktop\zoek.exe    [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/6/2015 8:01:33 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Activision deleted successfully
C:\PROGRA~2\en_zf deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\TunnelBear deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\WinISO Computing deleted successfully
C:\Program Files\Sony deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Orbit deleted successfully
C:\Users\Fujitsu\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 deleted successfully
C:\Users\Fujitsu\AppData\Roaming\NCSOFT deleted successfully
C:\Users\Fujitsu\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Fujitsu\AppData\Local\CrashDumps deleted successfully
C:\Users\Fujitsu\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Fujitsu\AppData\Local\EmieSiteList deleted successfully
C:\Users\Fujitsu\AppData\Local\EmieUserList deleted successfully
C:\Users\Fujitsu\AppData\Local\HockeyCrashes deleted successfully
C:\Users\Fujitsu\AppData\Local\MigWiz deleted successfully
C:\Users\Fujitsu\AppData\Local\NCSOFT deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2728587893-4226705378-2779304957-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Activision not found
C:\PROGRA~2\en_zf not found
C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\TunnelBear not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~2\WinISO Computing not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\PowerISO deleted
C:\PROGRA~2\Red Giant deleted
C:\Users\Fujitsu\.android deleted
C:\Users\Fujitsu\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\Fujitsu\AppData\Roaming\burnaware.ini deleted
C:\Users\Fujitsu\AppData\Roaming\GPU MeterV2_Settings.ini deleted
C:\Users\Fujitsu\AppData\Roaming\droid4xinstaller.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Fujitsu\AppData\Local\updater.log deleted
C:\Users\Fujitsu\AppData\Local\Unity deleted
C:\Users\Public\Documents\GenieSoft deleted
C:\Users\Fujitsu\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\windows\sysWoW64\config\systemprofile\Documents\Genie Soft deleted
"C:\Users\Fujitsu\AppData\Local\{B1BE380B-8194-448D-8B79-8DC140432D7D}" deleted
"C:\Users\Fujitsu\AppData\Local\{C1BEE54D-BC9F-4ADD-BA92-D6A3422BCFA5}" deleted
"C:\ProgramData\cm-lock" not deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332
user_pref("browser.startup.homepage", "http://www.google.com");
 
==== Firefox Extensions Registry ======================
 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc2@internetdownloadmanager.com"="C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi" [10/02/2015 02:35 PM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332
30F232783820C8146F8A050F9E2F5D1D - C:\windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll - Shockwave for Director / Shockwave for Director
863AF0003392FEBC2667A8A790DED955 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Fujitsu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
 
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
 
Google Slides - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Web of Trust - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
ignotifier - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl
Google Sheets - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
IDM Integration Module - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Web Store Payments - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fujitsu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Fujitsu\AppData\Local\Mozilla\Firefox\Profiles\q6k2hoiq.default-1446557276332\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=209 folders=127 417463922 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Fujitsu\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Fujitsu\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\ProgramData\cm-lock"  not deleted
 
==== EOF on Fri 11/06/2015 at 20:24:07.92 ======================
 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:57 AM

Posted 06 November 2015 - 02:13 PM

Hi screamgfx,

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 06 November 2015 - 02:28 PM

I scanned my PC with it about a week ago, right before posting the first topic on BleepingComputer, and it took about 6 hours, so I'll do the scan when I'm home within 24 hours because I usually go out now.

 

Won't be long, I hope.



#12 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:57 AM

Posted 06 November 2015 - 03:13 PM

OK, I hope.


Best regards


#13 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 07 November 2015 - 06:58 AM

Well, it won't start now :) I have no idea what is wrong now.

49pcT3w.png



#14 screamgfx

screamgfx
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Egypt, Cairo
  • Local time:04:57 AM

Posted 07 November 2015 - 07:56 AM

Ummmmm ... I don't really know what happened, but since the last system restart I made, the redirecting thing and ad-box nightmare is gone, FINALLY  :bananas:

I did nothing at all, but to double-check that I'm not imagining it, I tried IE, Firefox and Chrome, and all of them work very well with no problem finally ^_^

 

So, to keep it like this, I have to ask a few questions to make sure everything remains this way :)

1- Do I still need to scan my PC with the ESET online scanner?

2- If I reconnected my Google account with Chrome and synced old data, would it bring the virus back?

3- I'm in a workgroup and I have no control over the router. So could it be that a router restart solved my problem?

4- Is this normal?

eJL3ae8.png

 

Special thanks to you, of course. You already made me clean a lot of trash on this machine  :thumbup2:



#15 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:57 AM

Posted 07 November 2015 - 02:01 PM

Ummmmm ... I don't really know what happened, but since the last system restart I made, the redirecting thing and ad-box nightmare is gone, FINALLY  :bananas:

I did nothing at all, but to double-check that I'm not imagining it, I tried IE, Firefox and Chrome, and all of them work very well with no problem finally ^_^

 

Special thanks to you, of course. You already made me clean a lot of trash on this machine  :thumbup2:

Glad to hear that.

 

My answers;

1- Do I still need to scan my PC with the ESET online scanner?
Yes, please.

2- If I reconnected my Google account with Chrome and synced old data, would it bring the virus back?
Synced old -> Do you mean bookmarks? No problem.

3- I'm in a workgroup and I have no control over the router. So could it be that a router restart solved my problem?
It could be a problem, but I do not think so.

4- Is this normal?
I do not see any pictures for some reason.

 

Have a nice day.


Edited by olgun52, 12 December 2015 - 07:00 PM.

Best regards