
crazy amount of pop ups and redirection.


14 replies to this topic

#1 Loon123


Posted 15 November 2015 - 02:55 PM

Hi guys, it's been a year since I switched on this computer. I found out that there are tons of nasty pop-ups and redirections when I open Chrome or IE. Right now I'm using the Malwarebytes Premium trial to temporarily block those pop-ups.

 

Here's my log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Jia loon (administrator) on OWNER-PC (16-11-2015 03:47:53)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Jia loon (Available Profiles: Jia loon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-02] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-11-09] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-16] (Google Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\MountPoints2: {a58812cd-783e-11e2-804a-806e6f6e6963} - E:\ASRSetup.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk [2015-11-16]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk [2015-11-16]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16
Tcpip\..\Interfaces\{7747E67D-8094-4E0D-B979-43603CEF93B1}: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://xin.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> DefaultScope {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-09-19] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\user.js [2015-02-11]
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: 752a85d468d648aeab7d6640f5f75d85 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\Extensions\{752a85d4-68d6-48ae-ab7d-6640f5f75d85} [2015-02-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-04] [not signed]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146" 
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Talk Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Zoom Launcher) - C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-16]
CHR Extension: (ciagpekplgpbepdgggflgmahnjgiaced) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-02-12]
CHR Extension: (Gom VPN - Bypass blocked sites) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-29]
CHR Extension: (HDQ-1.2cV03.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe [2015-11-16]
CHR Extension: (Vimeo™ Download Videos) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2014-01-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-16]
CHR Extension: (Google Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2015-02-12] (Autodesk) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-22] (Reprise Software Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-09] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
S2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kinonivd; system32\DRIVERS\kinonivd.sys [X]
S3 KINONI_Wave; system32\drivers\kinonivad.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 03:47 - 2015-11-16 03:48 - 00032361 _____ C:\Users\Owner\Desktop\FRST.txt
2015-11-16 03:46 - 2015-11-16 03:47 - 00049567 _____ C:\Users\Owner\Downloads\Addition.txt
2015-11-16 03:46 - 2015-11-16 03:47 - 00047851 _____ C:\Users\Owner\Downloads\FRST.txt
2015-11-16 03:41 - 2015-11-16 03:47 - 00000000 ____D C:\FRST
2015-11-16 03:39 - 2015-11-16 03:39 - 02198528 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-11-16 03:39 - 2015-11-16 03:39 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 01702400 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2015-11-16 03:37 - 2015-11-16 03:37 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\ProgramData\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\Program Files\ESET
2015-11-16 03:27 - 2015-11-16 03:27 - 02837704 _____ (ESET) C:\Users\Owner\Downloads\eset_smart_security_live_installer.exe
2015-11-16 03:26 - 2015-11-16 03:26 - 02838216 _____ (ESET) C:\Users\Owner\Downloads\eset_nod32_antivirus_live_installer.exe
2015-11-16 03:14 - 2015-11-16 03:14 - 00000687 _____ C:\awhE446.tmp
2015-11-16 03:12 - 2015-11-16 03:12 - 22908888 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-16 03:07 - 2015-11-16 03:07 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 03:47 - 2013-02-16 21:44 - 01549495 _____ C:\Windows\WindowsUpdate.log
2015-11-16 03:44 - 2009-07-14 12:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 03:44 - 2009-07-14 12:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 03:35 - 2013-03-09 21:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-11-16 03:33 - 2013-02-17 12:06 - 00001945 _____ C:\Windows\epplauncher.mif
2015-11-16 03:31 - 2009-07-14 13:13 - 00788438 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 03:25 - 2014-06-27 20:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 03:24 - 2015-02-12 22:56 - 00001987 _____ C:\Users\Public\Desktop\Autodesk 3ds Max 9 32-bit.lnk
2015-11-16 03:24 - 2014-12-30 19:38 - 00216250 _____ C:\Windows\PFRO.log
2015-11-16 03:24 - 2014-12-03 22:38 - 00002158 _____ C:\Users\Owner\Desktop\iPhone4_Hacktivate_Tool.lnk
2015-11-16 03:24 - 2014-12-03 22:27 - 00001436 _____ C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job
2015-11-16 03:24 - 2014-12-03 22:26 - 00000626 _____ C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\01924464-9238-4120-8701-87b505018b92
2015-11-16 03:24 - 2014-12-03 21:54 - 00002875 _____ C:\Users\Owner\Desktop\GadgetWide Tool.lnk
2015-11-16 03:24 - 2014-12-03 21:54 - 00002829 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\GadgetWide Tool.lnk
2015-11-16 03:24 - 2014-12-03 20:00 - 00001839 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-11-16 03:24 - 2014-12-03 19:59 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-16 03:24 - 2014-09-27 16:16 - 00004893 _____ C:\Windows\setupact.log
2015-11-16 03:24 - 2014-09-18 10:29 - 00000893 _____ C:\Users\Owner\Desktop\Naruto Shippuden Ultimate Ninja Storm Revolution.lnk
2015-11-16 03:24 - 2014-08-31 00:54 - 00001751 _____ C:\Users\Owner\Desktop\Zoom.lnk
2015-11-16 03:24 - 2014-08-28 01:43 - 00002200 _____ C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk
2015-11-16 03:24 - 2014-07-28 16:11 - 00001061 _____ C:\Users\Public\Desktop\focus booster.lnk
2015-11-16 03:24 - 2014-07-27 13:02 - 00013942 _____ C:\Users\Owner\Desktop\mentor_cms - Shortcut.lnk
2015-11-16 03:24 - 2014-07-19 17:01 - 00000646 _____ C:\Users\Owner\Desktop\catref2 - Shortcut.lnk
2015-11-16 03:24 - 2014-07-18 23:08 - 00000614 _____ C:\Users\Owner\Desktop\mei - Shortcut.lnk
2015-11-16 03:24 - 2014-07-16 09:29 - 00000813 _____ C:\Users\Owner\Desktop\meindbender.lnk
2015-11-16 03:24 - 2014-07-07 15:56 - 00001786 _____ C:\Users\Public\Desktop\Maya 2014.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002134 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001732 _____ C:\Users\Owner\Desktop\NukeAssist 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001732 _____ C:\Users\Owner\Desktop\Nuke 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001726 _____ C:\Users\Owner\Desktop\NukeX 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 11:12 - 00000000 ____D C:\ProgramData\Reprise
2015-11-16 03:24 - 2014-04-20 15:30 - 00000662 _____ C:\Users\Owner\Desktop\nicereels - Shortcut.lnk
2015-11-16 03:24 - 2014-03-25 19:58 - 00001136 _____ C:\Users\Public\Desktop\Toon Boom Studio 8.0.lnk
2015-11-16 03:24 - 2014-03-24 22:19 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-16 03:24 - 2014-03-24 22:19 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-16 03:24 - 2014-03-11 01:18 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-11-16 03:24 - 2014-03-10 02:17 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-16 03:24 - 2014-03-08 00:36 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-11-16 03:24 - 2014-03-08 00:36 - 00001001 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-11-16 03:24 - 2014-03-04 10:38 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-11-16 03:24 - 2014-01-25 18:30 - 00000568 _____ C:\Users\Public\Desktop\Camtasia Studio 7.lnk
2015-11-16 03:24 - 2014-01-25 18:13 - 00000516 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-11-16 03:24 - 2014-01-13 00:05 - 00001508 _____ C:\Users\Owner\Desktop\MPEG_Streamclip - Shortcut.lnk
2015-11-16 03:24 - 2014-01-10 12:07 - 00001199 _____ C:\Users\Owner\Desktop\Any Video Converter.lnk
2015-11-16 03:24 - 2014-01-08 16:05 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-16 03:24 - 2014-01-08 16:05 - 00000937 _____ C:\Users\Public\Desktop\µTorrent.lnk
2015-11-16 03:24 - 2014-01-05 13:42 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job
2015-11-16 03:24 - 2014-01-05 13:42 - 00000862 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job
2015-11-16 03:24 - 2013-12-20 19:07 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
2015-11-16 03:24 - 2013-12-20 18:46 - 00001031 _____ C:\Users\Owner\Desktop\Sketch It!.lnk
2015-11-16 03:24 - 2013-12-17 21:59 - 00000668 _____ C:\Users\Owner\Desktop\RV-4.0.9-64.lnk
2015-11-16 03:24 - 2013-12-15 11:36 - 00000662 _____ C:\Users\Owner\Desktop\amclasses - Shortcut.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2015-11-16 03:24 - 2013-04-03 00:37 - 00001335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-11-16 03:24 - 2013-04-03 00:28 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00001025 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2015-11-16 03:24 - 2013-03-09 21:08 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-16 03:24 - 2013-03-09 21:08 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-16 03:24 - 2013-02-24 22:09 - 00000868 _____ C:\Users\Owner\Desktop\Handbrake.lnk
2015-11-16 03:24 - 2013-02-23 00:02 - 00001874 _____ C:\Users\Owner\Desktop\FlipBook 6.lnk
2015-11-16 03:24 - 2013-02-17 21:52 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-16 03:24 - 2013-02-17 18:09 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-16 03:24 - 2013-02-17 17:01 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 03:24 - 2013-02-17 16:07 - 00001786 _____ C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
2015-11-16 03:24 - 2013-02-17 14:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-16 03:24 - 2013-02-17 14:11 - 00000911 _____ C:\Users\Public\Desktop\Steam.lnk
2015-11-16 03:24 - 2013-02-17 13:53 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-11-16 03:24 - 2013-02-17 13:53 - 00001025 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-11-16 03:24 - 2013-02-17 13:02 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-16 03:24 - 2013-02-17 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 03:24 - 2013-02-17 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 03:24 - 2013-02-16 21:44 - 00001389 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-16 03:24 - 2013-02-16 21:43 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-16 03:24 - 2013-02-16 21:43 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-16 03:24 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 03:24 - 2009-07-14 13:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-16 03:24 - 2009-07-14 12:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-16 03:24 - 2009-07-14 12:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-16 03:14 - 2014-06-27 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 03:14 - 2014-06-27 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 03:11 - 2014-01-05 13:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA
2015-11-16 03:11 - 2014-01-05 13:42 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core
2015-11-16 03:11 - 2013-02-17 13:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-16 03:11 - 2013-02-17 13:02 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-16 03:07 - 2013-02-17 14:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-11-16 03:06 - 2013-06-24 09:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-16 03:05 - 2014-04-04 03:19 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-11-16 03:05 - 2014-04-04 03:19 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
 
==================== Files in the root of some directories =======
 
2014-01-26 18:06 - 2014-01-26 18:16 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-10-15 18:36 - 2014-05-06 16:24 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-04-16 21:30 - 2014-08-17 12:41 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-12-03 22:40 - 2014-12-03 22:41 - 0000600 _____ () C:\Users\Owner\AppData\Roaming\winscp.rnd
2014-01-25 18:37 - 2014-09-20 01:21 - 0016384 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 22:39 - 2014-12-03 22:59 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2014-08-28 01:42 - 2014-08-28 01:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-25 15:36 - 2013-06-25 15:38 - 0000813 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 20:15
 
==================== End of FRST.txt ============================


#2 Loon123 (Topic Starter, Members, 20 posts)

Posted 15 November 2015 - 03:00 PM

Attached file: Addition.txt (48.4KB)


#3 olgun52 (Malware Response Team, 3,784 posts)

Posted 15 November 2015 - 03:04 PM

Hello Loon123 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please use the computer as an administrator. (How do I use the computer as an administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 Loon123 (Topic Starter, Members, 20 posts)

Posted 15 November 2015 - 03:10 PM

Thank you so much for the fast reply! Awaiting your fix!



#5 olgun52 (Malware Response Team, 3,784 posts)

Posted 15 November 2015 - 03:50 PM

thank you so much for the fast reply! awaiting your fix!

Hi Loon123,
 

vrbrgcivzkmn (S-1-5-21-309331358-3987940122-554215294-1003 - Limited - Disabled)

Do you know this user?
================================

ATTENTION: System Restore is disabled

 
For this, please enable it.
How to Enable and Disable System Restore:

https://support.microsoft.com/en-us/kb/264887

=========================================================================

D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe

If you are using crack/keygen software, remove it all!
 

Crack and keygen !
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, BC does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

============================================================================================================

Please, I am waiting for your answer.

 


Best regards
 
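As an added example for this thread (not FRST's own code, and not the fix olgun52 will post), the Python script below applies the kind of checks a responder makes when reading the FRST.txt in the first post and the account line olgun52 quotes above: service or driver files FRST marks "[File not signed]", drivers whose file is gone ("[X]"), scheduled tasks and folders with a bare GUID-like name (the two .job tasks and the Program Files folder created in the same minute as globalUpdate), autostart entries that point at nothing, and local accounts not on an allow-list. SAMPLE_LOG is a constructed excerpt of lines quoted in this thread; the "Jia loon" account line is constructed from the log header, since Addition.txt is only attached, not quoted. The heuristics, the category names and the allow-list are this example's own assumptions. A hit means look closer, not malicious: the unsigned 2006 3ds Max 9 satellite and the 2009 HP printer DLLs in the log trip the same check.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not FRST's own code and not a fix script.
Flags entries a responder usually reads first:
  * service/driver files FRST reports as "[File not signed]"
  * drivers/services still registered but whose file is missing ("[X]")
  * scheduled tasks, files and folders with a bare GUID-like name
  * autostart entries that point at nothing ("=> [X]", "(No File)")
  * local accounts absent from an allow-list supplied by the operator
A finding is a pointer to look closer, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Name is 8-4-4-4-12 alphanumerics, optionally with one extension (e.g. ".job").
GUID_LIKE = re.compile(
    r"^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
    r"(?:\.[0-9A-Za-z]+)?$")
# "R2 name; C:\path [size date] (Company) [File not signed]"  (name may contain spaces)
SERVICE_RE = re.compile(r"^[RSU]\d ([^;]+); (.*)$")
# "created - modified - size attrs (Company) C:\path"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ (\S{5}) "
    r"(?:\([^)]*\) )?(.+)$")
# "...\Run: [name] => [X]"  (registry autostart whose target is gone)
RUN_DEAD_RE = re.compile(r"Run: \[(.*?)\] => \[X\]$")
# "name (SID - Administrator|Limited - Enabled|Disabled) ..."  (Addition.txt Accounts section)
ACCOUNT_RE = re.compile(r"^(.+?) \((S-1-5-21-[\d-]+) - (\w+) - (\w+)\)")


@dataclass
class Finding:
    category: str
    subject: str
    line: str


def triage(log_text, known_accounts=()):
    """Return a list of Finding for the log lines that trip a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.groups()
            if rest.endswith("[X]"):           # registry entry survives, file does not
                findings.append(Finding("missing-driver-file", name, line))
            elif "[File not signed]" in rest:  # no Authenticode signature; check vendor and date
                findings.append(Finding("unsigned-binary", name, line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            base = path.rsplit("\\", 1)[-1]
            if GUID_LIKE.match(base):          # bare GUID names are typical of bundled updaters
                kind = "folder" if "D" in attrs else "file"
                findings.append(Finding("guid-named-" + kind, path, line))
            continue
        m = RUN_DEAD_RE.search(line)
        if m:
            findings.append(Finding("dead-autostart", m.group(1) or "(empty name)", line))
            continue
        if line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
            subject = line.split(":", 1)[1].split(" ->", 1)[0].strip()
            findings.append(Finding("dead-autostart", subject, line))
            continue
        m = ACCOUNT_RE.match(line)
        if m and m.group(1) not in known_accounts:
            name, _sid, kind, state = m.groups()
            findings.append(Finding("unrecognized-account", f"{name} ({kind}, {state})", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(f.category for f in findings)


# Constructed excerpt of lines quoted in this thread. The "Jia loon" account line is
# constructed from the log header (Addition.txt itself is attached, not quoted).
SAMPLE_LOG = r"""
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kinonivd; system32\DRIVERS\kinonivd.sys [X]
2015-11-16 03:24 - 2014-12-03 22:27 - 00001436 _____ C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\01924464-9238-4120-8701-87b505018b92
2015-11-16 03:24 - 2009-07-14 12:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 03:24 - 2013-02-17 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [AdobeBridge] => [X]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
Jia loon (S-1-5-21-309331358-3987940122-554215294-1000 - Administrator - Enabled) => C:\Users\Owner
vrbrgcivzkmn (S-1-5-21-309331358-3987940122-554215294-1003 - Limited - Disabled)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, known_accounts=("Jia loon",)):
        print(f"{f.category:<22} {f.subject}")
```

Run it as `python frst_triage.py` (name assumed) or paste a full FRST.txt into `triage()`. The Windows licensing file with the long GUID-and-suffix name and the GoogleUpdate tasks are deliberately left in the sample to show that the GUID check is anchored to a bare 8-4-4-4-12 name and does not fire on them.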

 


 


#6 Loon123 (Topic Starter, Members, 20 posts)

Posted 15 November 2015 - 04:02 PM

Hi Yilmaz, no, I do not know the person.

I have deleted the following.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Jia loon (administrator) on OWNER-PC (16-11-2015 05:00:09)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Jia loon (Available Profiles: Jia loon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-02] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-11-09] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-16] (Google Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\MountPoints2: {a58812cd-783e-11e2-804a-806e6f6e6963} - E:\ASRSetup.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk [2015-11-16]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk [2015-11-16]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16
Tcpip\..\Interfaces\{7747E67D-8094-4E0D-B979-43603CEF93B1}: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://xin.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> DefaultScope {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-09-19] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-309331358-3987940122-554215294-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\user.js [2015-02-11]
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: 752a85d468d648aeab7d6640f5f75d85 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\Extensions\{752a85d4-68d6-48ae-ab7d-6640f5f75d85} [2015-02-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-04] [not signed]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146" 
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Talk Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Zoom Launcher) - C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-16]
CHR Extension: (ciagpekplgpbepdgggflgmahnjgiaced) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-02-12]
CHR Extension: (Gom VPN - Bypass blocked sites) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-29]
CHR Extension: (HDQ-1.2cV03.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe [2015-11-16]
CHR Extension: (Vimeo™ Download Videos) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2014-01-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-16]
CHR Extension: (Google Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2015-02-12] (Autodesk) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-22] (Reprise Software Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax9_32; C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-09] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
S2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kinonivd; system32\DRIVERS\kinonivd.sys [X]
S3 KINONI_Wave; system32\drivers\kinonivad.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 03:48 - 2015-11-16 03:48 - 00049565 _____ C:\Users\Owner\Desktop\Addition.txt
2015-11-16 03:47 - 2015-11-16 05:00 - 00032304 _____ C:\Users\Owner\Desktop\FRST.txt
2015-11-16 03:46 - 2015-11-16 03:47 - 00049567 _____ C:\Users\Owner\Downloads\Addition.txt
2015-11-16 03:46 - 2015-11-16 03:47 - 00047851 _____ C:\Users\Owner\Downloads\FRST.txt
2015-11-16 03:41 - 2015-11-16 05:00 - 00000000 ____D C:\FRST
2015-11-16 03:39 - 2015-11-16 03:39 - 02198528 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-11-16 03:39 - 2015-11-16 03:39 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 01702400 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2015-11-16 03:37 - 2015-11-16 03:37 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\ProgramData\ESET
2015-11-16 03:37 - 2015-11-16 03:37 - 00000000 ____D C:\Program Files\ESET
2015-11-16 03:27 - 2015-11-16 03:27 - 02837704 _____ (ESET) C:\Users\Owner\Downloads\eset_smart_security_live_installer.exe
2015-11-16 03:26 - 2015-11-16 03:26 - 02838216 _____ (ESET) C:\Users\Owner\Downloads\eset_nod32_antivirus_live_installer.exe
2015-11-16 03:14 - 2015-11-16 03:14 - 00000687 _____ C:\awhE446.tmp
2015-11-16 03:12 - 2015-11-16 03:12 - 22908888 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-16 03:07 - 2015-11-16 03:07 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 04:42 - 2013-02-16 21:44 - 01861052 _____ C:\Windows\WindowsUpdate.log
2015-11-16 04:38 - 2014-01-05 13:42 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job
2015-11-16 04:37 - 2014-03-19 16:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2015-11-16 04:27 - 2014-12-03 22:27 - 00001436 _____ C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job
2015-11-16 04:26 - 2014-12-03 22:26 - 00000626 _____ C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job
2015-11-16 04:25 - 2013-02-17 13:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-16 04:25 - 2013-02-17 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 04:18 - 2014-06-27 20:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 03:44 - 2009-07-14 12:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 03:44 - 2009-07-14 12:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 03:35 - 2013-03-09 21:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-11-16 03:33 - 2013-02-17 12:06 - 00001945 _____ C:\Windows\epplauncher.mif
2015-11-16 03:31 - 2009-07-14 13:13 - 00788438 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 03:24 - 2015-02-12 22:56 - 00001987 _____ C:\Users\Public\Desktop\Autodesk 3ds Max 9 32-bit.lnk
2015-11-16 03:24 - 2014-12-30 19:38 - 00216250 _____ C:\Windows\PFRO.log
2015-11-16 03:24 - 2014-12-03 22:38 - 00002158 _____ C:\Users\Owner\Desktop\iPhone4_Hacktivate_Tool.lnk
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\01924464-9238-4120-8701-87b505018b92
2015-11-16 03:24 - 2014-12-03 21:54 - 00002875 _____ C:\Users\Owner\Desktop\GadgetWide Tool.lnk
2015-11-16 03:24 - 2014-12-03 21:54 - 00002829 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\GadgetWide Tool.lnk
2015-11-16 03:24 - 2014-12-03 20:00 - 00001839 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-11-16 03:24 - 2014-12-03 19:59 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-16 03:24 - 2014-09-27 16:16 - 00004893 _____ C:\Windows\setupact.log
2015-11-16 03:24 - 2014-09-18 10:29 - 00000893 _____ C:\Users\Owner\Desktop\Naruto Shippuden Ultimate Ninja Storm Revolution.lnk
2015-11-16 03:24 - 2014-08-31 00:54 - 00001751 _____ C:\Users\Owner\Desktop\Zoom.lnk
2015-11-16 03:24 - 2014-08-28 01:43 - 00002200 _____ C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk
2015-11-16 03:24 - 2014-07-28 16:11 - 00001061 _____ C:\Users\Public\Desktop\focus booster.lnk
2015-11-16 03:24 - 2014-07-27 13:02 - 00013942 _____ C:\Users\Owner\Desktop\mentor_cms - Shortcut.lnk
2015-11-16 03:24 - 2014-07-19 17:01 - 00000646 _____ C:\Users\Owner\Desktop\catref2 - Shortcut.lnk
2015-11-16 03:24 - 2014-07-18 23:08 - 00000614 _____ C:\Users\Owner\Desktop\mei - Shortcut.lnk
2015-11-16 03:24 - 2014-07-16 09:29 - 00000813 _____ C:\Users\Owner\Desktop\meindbender.lnk
2015-11-16 03:24 - 2014-07-07 15:56 - 00001786 _____ C:\Users\Public\Desktop\Maya 2014.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002134 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-11-16 03:24 - 2014-06-04 00:14 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001732 _____ C:\Users\Owner\Desktop\NukeAssist 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001732 _____ C:\Users\Owner\Desktop\Nuke 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 12:25 - 00001726 _____ C:\Users\Owner\Desktop\NukeX 7.0v6.lnk
2015-11-16 03:24 - 2014-04-22 11:12 - 00000000 ____D C:\ProgramData\Reprise
2015-11-16 03:24 - 2014-04-20 15:30 - 00000662 _____ C:\Users\Owner\Desktop\nicereels - Shortcut.lnk
2015-11-16 03:24 - 2014-03-25 19:58 - 00001136 _____ C:\Users\Public\Desktop\Toon Boom Studio 8.0.lnk
2015-11-16 03:24 - 2014-03-24 22:19 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-16 03:24 - 2014-03-24 22:19 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-16 03:24 - 2014-03-11 01:18 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-11-16 03:24 - 2014-03-10 02:17 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-16 03:24 - 2014-03-08 00:36 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-11-16 03:24 - 2014-03-08 00:36 - 00001001 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-11-16 03:24 - 2014-03-04 10:38 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-11-16 03:24 - 2014-01-25 18:30 - 00000568 _____ C:\Users\Public\Desktop\Camtasia Studio 7.lnk
2015-11-16 03:24 - 2014-01-25 18:13 - 00000516 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-11-16 03:24 - 2014-01-13 00:05 - 00001508 _____ C:\Users\Owner\Desktop\MPEG_Streamclip - Shortcut.lnk
2015-11-16 03:24 - 2014-01-10 12:07 - 00001199 _____ C:\Users\Owner\Desktop\Any Video Converter.lnk
2015-11-16 03:24 - 2014-01-08 16:05 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-16 03:24 - 2014-01-08 16:05 - 00000937 _____ C:\Users\Public\Desktop\µTorrent.lnk
2015-11-16 03:24 - 2014-01-05 13:42 - 00000862 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job
2015-11-16 03:24 - 2013-12-20 19:07 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
2015-11-16 03:24 - 2013-12-20 18:46 - 00001031 _____ C:\Users\Owner\Desktop\Sketch It!.lnk
2015-11-16 03:24 - 2013-12-17 21:59 - 00000668 _____ C:\Users\Owner\Desktop\RV-4.0.9-64.lnk
2015-11-16 03:24 - 2013-12-15 11:36 - 00000662 _____ C:\Users\Owner\Desktop\amclasses - Shortcut.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2015-11-16 03:24 - 2013-04-06 14:40 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2015-11-16 03:24 - 2013-04-03 00:37 - 00001335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-11-16 03:24 - 2013-04-03 00:36 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-11-16 03:24 - 2013-04-03 00:28 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00001025 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2015-11-16 03:24 - 2013-04-03 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2015-11-16 03:24 - 2013-03-09 21:08 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-16 03:24 - 2013-03-09 21:08 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-16 03:24 - 2013-02-24 22:09 - 00000868 _____ C:\Users\Owner\Desktop\Handbrake.lnk
2015-11-16 03:24 - 2013-02-23 00:02 - 00001874 _____ C:\Users\Owner\Desktop\FlipBook 6.lnk
2015-11-16 03:24 - 2013-02-17 21:52 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-16 03:24 - 2013-02-17 18:09 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-16 03:24 - 2013-02-17 17:01 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 03:24 - 2013-02-17 16:07 - 00001786 _____ C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
2015-11-16 03:24 - 2013-02-17 14:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-16 03:24 - 2013-02-17 14:11 - 00000911 _____ C:\Users\Public\Desktop\Steam.lnk
2015-11-16 03:24 - 2013-02-17 13:53 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-11-16 03:24 - 2013-02-17 13:53 - 00001025 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-11-16 03:24 - 2013-02-17 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 03:24 - 2013-02-16 21:44 - 00001389 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-16 03:24 - 2013-02-16 21:43 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-16 03:24 - 2013-02-16 21:43 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-16 03:24 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 03:24 - 2009-07-14 13:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-16 03:24 - 2009-07-14 12:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-16 03:24 - 2009-07-14 12:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-16 03:24 - 2009-07-14 12:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-16 03:14 - 2014-06-27 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 03:14 - 2014-06-27 20:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 03:11 - 2014-01-05 13:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA
2015-11-16 03:11 - 2014-01-05 13:42 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core
2015-11-16 03:11 - 2013-02-17 13:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-16 03:11 - 2013-02-17 13:02 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-16 03:07 - 2013-02-17 14:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-11-16 03:06 - 2013-06-24 09:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-16 03:05 - 2014-04-04 03:19 - 00003722 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-11-16 03:05 - 2014-04-04 03:19 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
 
==================== Files in the root of some directories =======
 
2014-01-26 18:06 - 2014-01-26 18:16 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-10-15 18:36 - 2014-05-06 16:24 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-04-16 21:30 - 2014-08-17 12:41 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-12-03 22:40 - 2014-12-03 22:41 - 0000600 _____ () C:\Users\Owner\AppData\Roaming\winscp.rnd
2014-01-25 18:37 - 2014-09-20 01:21 - 0016384 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 22:39 - 2014-12-03 22:59 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2014-08-28 01:42 - 2014-08-28 01:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-25 15:36 - 2013-06-25 15:38 - 0000813 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 20:15
 
==================== End of FRST.txt ============================


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • ONLINE
  • Gender:Male
  • Local time:01:07 AM

Posted 15 November 2015 - 05:00 PM

Hi Loon123,

vrbrgcivzkmn
--------------------
If you do not know this user, it means it is harmful. Can you see this user started at the first opening? Give me information about this. Do not do any operation without my knowledge. OK?
-----------------------------------------------------------------------------------------------------------------

ESET Personal firewall (Enabled)
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
========================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
 
µTorrent
HDQ-1.2cV03.12
Mobogenie
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\HDQ-1.2cV03.12

 
PC Restart.
=======================================
 
 Ensure your external and/or USB drives are inserted during the scan
 
Step 1:

 FRST Script:
 Please download the attached Fixlist.txt (10.37KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:
 
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


Edited by olgun52, 15 November 2015 - 05:06 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!


#8 Loon123

Loon123
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 15 November 2015 - 07:41 PM

Hi, I'm not sure why vrbrgcivzkmn is appearing. Is there any way for me to give you more information? I have no idea how to do it.

 

And here are the scans.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Jia loon (2015-11-16 07:44:06) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Jia loon (Available Profiles: Jia loon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0865FF12-E951-4355-984C-64E4B33CF5DC} - System32\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e => C:\Program Files (x86)\HDQ-1.2cV03.12\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.exe <==== ATTENTION
Task: {15914650-8626-4DE9-8B41-CDEB3E8CFBC3} - \ef219550-3dc9-438d-b3fe-765e8690da31-4 -> No File <==== ATTENTION
Task: {19AC4608-59A3-4F3F-BF27-C175BDECD031} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {472678E9-4BF9-4B1A-BC7A-AD6FE3EF9898} - \ef219550-3dc9-438d-b3fe-765e8690da31-5 -> No File <==== ATTENTION
Task: {49328367-58C9-4DF9-988A-EF7B85829095} - \ef219550-3dc9-438d-b3fe-765e8690da31-1 -> No File <==== ATTENTION
Task: {76DA554E-B88F-408A-A3B0-3968BB237DD6} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7862EF2C-6F05-4F53-B238-3D4F5B5B75B6} - \ef219550-3dc9-438d-b3fe-765e8690da31-11 -> No File <==== ATTENTION
Task: {BBDB9B45-B2C9-44D3-8B25-0DCE40B5C166} - System32\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d => C:\Program Files (x86)\HDQ-1.2cV03.12\f1af3199-0bd3-4338-a74d-1895b721b98d.exe <==== ATTENTION
Task: {C143EB3A-8B4A-4611-8092-7AE1F2A98790} - \ef219550-3dc9-438d-b3fe-765e8690da31-6 -> No File <==== ATTENTION
Task: {C7ABA42F-7997-41DE-AB95-2EA248E211BB} - \ef219550-3dc9-438d-b3fe-765e8690da31-3 -> No File <==== ATTENTION
Task: {D9FDDE59-D214-4399-9397-82393FF72E63} - \ef219550-3dc9-438d-b3fe-765e8690da31-7 -> No File <==== ATTENTION
Task: {DD8A0C80-8F41-4F0B-B903-FA1BF242A00D} - \AmiUpdXp -> No File <==== ATTENTION
Task: {EF08F9BA-B999-4AEC-ADF3-D445D3FA82E3} - \ef219550-3dc9-438d-b3fe-765e8690da31-5_user -> No File <==== ATTENTION
Task: C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job => C:\Program Files (x86)\HDQ-1.2cV03.12\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.exe <==== ATTENTION
Task: C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job => C:\Program Files (x86)\HDQ-1.2cV03.12\f1af3199-0bd3-4338-a74d-1895b721b98d.exe?/agentregpath='HDQ-1.2cV03.12' /appid=65781 /srcid='002413' /subid='0' /zdata='0' /bic=F1B6949B7AF8405B8FEF5CBAB7C86943IE /verifier=ee021112df60fd9f5b926d8266027fb3 /installerversion=1_35_11_26 /installationtime=1417616787 /statsdomain=hxxp:/stats.newstaticdatacloud.com /errorsdomain=hxxp:/errors.newstaticdatacloud.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newstaticdatacloud.com <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\Users\Owner\Local Settings:Tn0ZnMg3c47eeiJeL0g4rZT40yU
AlternateDataStreams: C:\Users\Owner\AppData\Local:Tn0ZnMg3c47eeiJeL0g4rZT40yU
AlternateDataStreams: C:\Users\Owner\AppData\Local\Application Data:Tn0ZnMg3c47eeiJeL0g4rZT40yU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent
C:\Program Files (x86)\Mobogenie
FirewallRules: [{D6A2DE1F-D295-4E2E-91CD-6E1634F3BECC}] => (Allow) C:\Users\Owner\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [TCP Query User{19DD2063-3380-43CD-BFAF-ACD22B387B5B}D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe] => (Block) D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe
FirewallRules: [UDP Query User{0893BFF5-9937-47B0-A79D-C0225F2BC25B}D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe] => (Block) D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-309331358-3987940122-554215294-1000\...\MountPoints2: {a58812cd-783e-11e2-804a-806e6f6e6963} - E:\ASRSetup.exe
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File)
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> DefaultScope {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {4DAD479C-06E2-453B-BC72-6028093CCAD5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-309331358-3987940122-554215294-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
FF NetworkProxy: "type", 5
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\user.js
FF Extension: 752a85d468d648aeab7d6640f5f75d85 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\Extensions\{752a85d4-68d6-48ae-ab7d-6640f5f75d85} 
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [not found]
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146" 
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1417616728&from=amt&uid=PLEXTORXPX-128M5Pro_P02302115146&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
CHR Extension: (ciagpekplgpbepdgggflgmahnjgiaced) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
CHR Extension: (HDQ-1.2cV03.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\awhE446.tmp
2015-11-16 03:24 - 2014-12-30 19:38 - 00216250 _____ C:\Windows\PFRO.log
2015-11-16 03:24 - 2014-12-03 22:38 - 00002158 _____ C:\Users\Owner\Desktop\iPhone4_Hacktivate_Tool.lnk
2015-11-16 03:24 - 2014-12-03 22:27 - 00001436 _____ C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job
2015-11-16 03:24 - 2014-12-03 22:26 - 00000626 _____ C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-16 03:24 - 2014-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\01924464-9238-4120-8701-87b505018b92
2015-11-16 03:24 - 2014-01-08 16:05 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-16 03:24 - 2014-01-08 16:05 - 00000937 _____ C:\Users\Public\Desktop\µTorrent.lnk
2015-11-16 03:24 - 2014-01-05 13:42 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job
2015-11-16 03:24 - 2014-01-05 13:42 - 00000862 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job
C:\Users\Owner\AppData\Roaming\winscp.rnd
2014-12-03 22:39 - 2014-12-03 22:59 - 0000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2014-08-28 01:42 - 2014-08-28 01:42 - 0000057 _____ () C:\ProgramData\Ament.ini
Shortcut: 
cmd: netsh winsock reset
EmptyTemp:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-309331358-3987940122-554215294-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0865FF12-E951-4355-984C-64E4B33CF5DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0865FF12-E951-4355-984C-64E4B33CF5DC}" => key removed successfully
C:\Windows\System32\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15914650-8626-4DE9-8B41-CDEB3E8CFBC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15914650-8626-4DE9-8B41-CDEB3E8CFBC3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-4 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19AC4608-59A3-4F3F-BF27-C175BDECD031}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19AC4608-59A3-4F3F-BF27-C175BDECD031}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{472678E9-4BF9-4B1A-BC7A-AD6FE3EF9898}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472678E9-4BF9-4B1A-BC7A-AD6FE3EF9898}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-5 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49328367-58C9-4DF9-988A-EF7B85829095}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49328367-58C9-4DF9-988A-EF7B85829095}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76DA554E-B88F-408A-A3B0-3968BB237DD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DA554E-B88F-408A-A3B0-3968BB237DD6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7862EF2C-6F05-4F53-B238-3D4F5B5B75B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7862EF2C-6F05-4F53-B238-3D4F5B5B75B6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-11 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBDB9B45-B2C9-44D3-8B25-0DCE40B5C166}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBDB9B45-B2C9-44D3-8B25-0DCE40B5C166}" => key removed successfully
C:\Windows\System32\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f1af3199-0bd3-4338-a74d-1895b721b98d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C143EB3A-8B4A-4611-8092-7AE1F2A98790}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C143EB3A-8B4A-4611-8092-7AE1F2A98790}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7ABA42F-7997-41DE-AB95-2EA248E211BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7ABA42F-7997-41DE-AB95-2EA248E211BB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-3 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9FDDE59-D214-4399-9397-82393FF72E63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9FDDE59-D214-4399-9397-82393FF72E63}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD8A0C80-8F41-4F0B-B903-FA1BF242A00D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD8A0C80-8F41-4F0B-B903-FA1BF242A00D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF08F9BA-B999-4AEC-ADF3-D445D3FA82E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF08F9BA-B999-4AEC-ADF3-D445D3FA82E3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ef219550-3dc9-438d-b3fe-765e8690da31-5_user => key not found. 
C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job => moved successfully
C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job => moved successfully
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
"C:\Users\Owner\Local Settings" => ":Tn0ZnMg3c47eeiJeL0g4rZT40yU" ADS not found.
C:\Users\Owner\AppData\Local => ":Tn0ZnMg3c47eeiJeL0g4rZT40yU" ADS removed successfully.
"C:\Users\Owner\AppData\Local\Application Data" => ":Tn0ZnMg3c47eeiJeL0g4rZT40yU" ADS not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Mobogenie" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6A2DE1F-D295-4E2E-91CD-6E1634F3BECC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{19DD2063-3380-43CD-BFAF-ACD22B387B5B}D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0893BFF5-9937-47B0-A79D-C0225F2BC25B}D:\downloads\the foundry nuke 8.0 v3 win - xforce\crack\flt7.0v2-win-x86-release-32\rlm.foundry.exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
"HKU\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a58812cd-783e-11e2-804a-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{a58812cd-783e-11e2-804a-806e6f6e6963} => key not found. 
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File) => not found.
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk ->  (No File) => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\Wow6432Node\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKU\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DAD479C-06E2-453B-BC72-6028093CCAD5}" => key removed successfully
HKCR\CLSID\{4DAD479C-06E2-453B-BC72-6028093CCAD5} => key not found. 
"HKU\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default => FRST is scripted not to move this directory.
Firefox "homepage" removed successfully
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\user.js => not found.
FF Extension: 752a85d468d648aeab7d6640f5f75d85 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\Extensions\{752a85d4-68d6-48ae-ab7d-6640f5f75d85} => not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com => path removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => not found
CHR Extension: (ciagpekplgpbepdgggflgmahnjgiaced) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced => not found
CHR Extension: (HDQ-1.2cV03.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => key removed successfully
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
EagleX64 => service removed successfully
C:\awhE446.tmp => moved successfully
C:\Windows\PFRO.log => moved successfully
C:\Users\Owner\Desktop\iPhone4_Hacktivate_Tool.lnk => moved successfully
"C:\Windows\Tasks\f1af3199-0bd3-4338-a74d-1895b721b98d.job" => not found.
"C:\Windows\Tasks\bff0b82f-cdc6-4cdf-91f4-4aca90a0217e.job" => not found.
C:\Program Files (x86)\globalUpdate => moved successfully
C:\Program Files (x86)\01924464-9238-4120-8701-87b505018b92 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk => moved successfully
C:\Users\Public\Desktop\µTorrent.lnk => moved successfully
"C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000UA.job" => not found.
"C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309331358-3987940122-554215294-1000Core.job" => not found.
C:\Users\Owner\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Owner\AppData\Local\PUTTY.RND => moved successfully
C:\ProgramData\Ament.ini => moved successfully
Shortcut: => Error: No automatic fix found for this entry.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:44:25 ====
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/11/2015
Scan Time: 7:52 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.15.04
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jia loon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421285
Time Elapsed: 8 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 44
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [133d3c42a4e71a1cd9adf04acc36e61a], 
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [133d3c42a4e71a1cd9adf04acc36e61a], 
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [133d3c42a4e71a1cd9adf04acc36e61a], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b49c542ac2c9a78fdc01b38f01018f71], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b49c542ac2c9a78fdc01b38f01018f71], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b49c542ac2c9a78fdc01b38f01018f71], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b49c542ac2c9a78fdc01b38f01018f71], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b49c542ac2c9a78fdc01b38f01018f71], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [fc54b6c85e2dbb7b964ab2903ec409f7], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [fc54b6c85e2dbb7b964ab2903ec409f7], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [fc54b6c85e2dbb7b964ab2903ec409f7], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [fc54b6c85e2dbb7b964ab2903ec409f7], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}, Quarantined, [fc54b6c85e2dbb7b964ab2903ec409f7], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture.1, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture.1, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, Quarantined, [97b906781a71af878dbf380a54ae5aa6], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [aca4cdb1c1cac47232ac46fc16ec0ef2], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}, Quarantined, [aca4cdb1c1cac47232ac46fc16ec0ef2], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [08486c128803e650657c202226dcd52b], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [08486c128803e650657c202226dcd52b], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [08486c128803e650657c202226dcd52b], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}, Quarantined, [450b69158cff5dd9826069d9cc3631cf], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}, Quarantined, [450b69158cff5dd9826069d9cc3631cf], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}, Quarantined, [40106717f398e84e34afe85a09f9867a], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}, Quarantined, [40106717f398e84e34afe85a09f9867a], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [f060dda199f2340239ac1c2618eaf907], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}, Quarantined, [f060dda199f2340239ac1c2618eaf907], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}, Quarantined, [91bfb7c70e7d6fc740a694ae3ac8cf31], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}, Quarantined, [91bfb7c70e7d6fc740a694ae3ac8cf31], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}, Quarantined, [51ffa8d6820965d13aad88ba7e84ea16], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}, Quarantined, [51ffa8d6820965d13aad88ba7e84ea16], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}, Quarantined, [dd73c1bd682352e47c6ca89a09f914ec], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}, Quarantined, [dd73c1bd682352e47c6ca89a09f914ec], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}, Quarantined, [a8a86c123e4d3cfab635f949f30fae52], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}, Quarantined, [a8a86c123e4d3cfab635f949f30fae52], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}, Quarantined, [f15fd2ac5c2f88ae618cd46e21e13ec2], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}, Quarantined, [f15fd2ac5c2f88ae618cd46e21e13ec2], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}, Quarantined, [87c9e19d1477aa8cd21c4cf6bf4358a8], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}, Quarantined, [87c9e19d1477aa8cd21c4cf6bf4358a8], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
Adware.Trace, C:\awh1B4.tmp, Quarantined, [5ef2c6b84e3dbd79cafab12412f136ca], 
Adware.Trace, C:\awh2E30.tmp, Quarantined, [6ae6ccb2c8c360d6d6eed104937048b8], 
Adware.Trace, C:\awhDAA5.tmp, Quarantined, [133dd3ab5f2cc2740fb55580db2829d7], 
Adware.Trace, C:\awhDCE6.tmp, Quarantined, [311f245acdbe072f5a6a84519a695aa6], 
Adware.Trace, C:\awhFA45.tmp, Quarantined, [1c34c3bb1d6ece6814b0bb1a3cc71ee2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

ComboFix 15-11-15.01 - Jia loon 16/11/2015   8:09.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.16345.12602 [GMT 8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.318.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-16 to 2015-11-16  )))))))))))))))))))))))))))))))
.
.
2015-11-16 00:11 . 2015-11-16 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-15 23:02 . 2015-10-19 19:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3F057C3-1F24-4082-863D-F7AFF8A01F4F}\mpengine.dll
2015-11-15 19:41 . 2015-11-15 23:45 -------- d-----w- C:\FRST
2015-11-15 19:39 . 2015-11-15 19:39 -------- d-----w- c:\users\Owner\AppData\Local\ESET
2015-11-15 19:37 . 2015-11-15 19:37 -------- d-----w- c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-15 23:45 . 2014-06-27 12:31 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-06 22:16 . 2015-10-06 22:16 142976 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2015-10-05 01:50 . 2014-06-27 12:29 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 01:50 . 2014-06-27 12:29 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 01:50 . 2013-02-17 09:01 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-16 2573416]
"GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-11-07 811848]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-05-08 3499896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-14 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Foundry FLEXlm Server;Foundry FLEXlm Server;c:\program files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe;c:\program files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Foundry License Server;Foundry License Server;c:\program files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe;c:\program files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-15 20:24 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 218.186.2.16 218.186.2.6 202.156.1.16
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\
FF - user.js: network.http.spdy.enabled - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2015-11-16  08:13:43 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-16 00:13
.
Pre-Run: 6,410,797,056 bytes free
Post-Run: 5,832,941,568 bytes free
.
- - End Of File - - B3C172F9508AF9E8EBA94222B1B1C8CD

#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • ONLINE
  • Gender:Male
  • Local time:01:07 AM

Posted 16 November 2015 - 11:58 AM

Hi Loon123,

Is there any way for me to give you more information? I have no idea how to do it.

There is no need to worry.
 
Step1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [screenshot missing]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step4:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

===================================================

Things I would like to see in your next reply.

  • Adwcleaner.txt
  • Jrt.txt
  • ZHP.txt
  • Emsisoft report

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#10 Loon123

Loon123
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 16 November 2015 - 01:40 PM

# AdwCleaner v5.021 - Logfile created 17/11/2015 at 02:10:20
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jia loon - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_5.021.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Owner\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Owner\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Owner\daemonprocess.txt
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eagomcfjiefffhpaejnlpjccikpipdoe
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\085d77d2-4c84-4f32-bcd9-0b356f1ca7fb
[-] Key Deleted : HKLM\SOFTWARE\4e797e8a-c434-424c-9c1c-e7563b11bbd2
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\prefs.js] [Preference] Deleted : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1405253529913");
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : eagomcfjiefffhpaejnlpjccikpipdoe
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5179 bytes] ##########
 
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Jia loon on Tue 17/11/2015 at  2:15:20.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 17/11/2015 at  2:18:17.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

~ ZHPCleaner v2015.11.16.379 by Nicolas Coolman (2015/11/16)
~ Run by Jia loon (Administrator)  (17/11/2015 02:25:09)
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\Owner\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Owner\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (3)
MOVED file: C:\Users\Owner\Downloads\Pussy licks it like a Lollipop.mp4    =>PUP.Optional.Lollipop
MOVED file: C:\Users\Owner\Downloads\tempdownload\driver_setup.exe [Megaify Software - DriverToolkit Setup]  =>.Superfluous.Megaify
MOVED folder: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced  =>Hijacker.Browser ["update_url":"https://clients2.google.com/service/]
 
 
---\\  Registry ( Key, Value, Data) (5)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon [C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Not File)]  =>PUP.Optional.Mobogenie
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mystartsearch.com []  =>PUP.Optional.StartSearch
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mystartsearch.com [12186]  =>PUP.Optional.StartSearch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
 
 
---\\ Other deletions. (0)
~ Registry Keys Tracing deleted (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 554
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 8
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-17112015-02_25_17.txt
ZHPCleaner-[S]-17112015-02_21_58.txt
 
 

Emsisoft Emergency Kit - Version 10.0
Last update: 17/11/2015 2:36:46 AM
User account: Owner-PC\Jia loon
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 17/11/2015 2:37:33 AM
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Program Files (x86)\GadgetWide Cloud Control Service\ccsm.exe detected: Gen:Trojan.Heur.VP.Xm0@aybn2Gki (B)
C:\Users\Owner\Downloads\tempdownload\coretemp.exe detected: Application.Bundler.InstallIQ.A (B)
C:\Users\Owner\Downloads\tempdownload\coretemp (1).exe detected: Application.Bundler.InstallIQ.A (B)
 
Scanned 77301
Found 8
 
Scan end: 17/11/2015 2:38:57 AM
Scan time: 0:01:24
 
C:\Users\Owner\Downloads\tempdownload\coretemp (1).exe Quarantined Application.Bundler.InstallIQ.A (B)
C:\Users\Owner\Downloads\tempdownload\coretemp.exe Quarantined Application.Bundler.InstallIQ.A (B)
C:\Program Files (x86)\GadgetWide Cloud Control Service\ccsm.exe Quarantined Gen:Trojan.Heur.VP.Xm0@aybn2Gki (B)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 8
 


#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • ONLINE
  • Gender:Male
  • Local time:01:07 AM

Posted 16 November 2015 - 05:11 PM

Hi  Loon123,

Please follow the steps below to disable "Teredo" and report whether it helps.
Step 1: Open an elevated "command prompt".
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
Step 2: Type the command below exactly and press the Enter key.
      netsh interface teredo set state disabled
Reboot the system when completed and check how the torrents work.

================================================================================

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
iedefaults;
FFdefaults;
CHRdefaults;
ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
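The logs posted above (AdwCleaner, JRT, ZHPCleaner, Emsisoft) and the zoek script in this reply all touch the same handful of locations: the Run keys, the Policies\System values that hide Task Manager and the Registry Editor, Internet Explorer's Low Rights ElevationPolicy, and Chrome's installed extensions. The PowerShell script below is an added example written for this page; it is not output or code from any of those tools or from either poster. It takes a restore point first (the zoek script's createsrpoint step) and then only reads and reports what is currently in those locations, so it can be run before and after a cleanup and the two reports compared. The report path, the function name and the PS 3.0+ requirement (Windows 7 needs the Windows Management Framework update for that) are this example's own assumptions.

```powershell
# Added example: read-only audit of the locations the cleanup tools in this
# thread modify. Run from an elevated PowerShell 3.0+ prompt.
$ErrorActionPreference = 'Continue'
$report = Join-Path $env:USERPROFILE 'Desktop\persistence-audit.txt'   # assumed location

function Write-Finding([string]$Section, [string]$Text) {
    "[$Section] $Text" | Tee-Object -FilePath $report -Append
}

# 1. Restore point first, as the zoek script's 'createsrpoint;' step does.
#    Windows 8 and later throttle Checkpoint-Computer to one point per 24 h;
#    Windows 7 creates one every time.
try {
    Checkpoint-Computer -Description 'Before malware cleanup (audit example)' -RestorePointType MODIFY_SETTINGS
    Write-Finding 'RestorePoint' 'created'
} catch {
    Write-Finding 'RestorePoint' "failed: $($_.Exception.Message)"
}

# 2. Autoruns in the Run keys (JRT and ZHPCleaner removed a
#    GoogleChromeAutoLaunch_* value here).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        Write-Finding 'Run' "$key\$valueName = $($item.GetValue($valueName))"
    }
}

# 3. Policy values that lock the user out of Task Manager / regedit
#    (Emsisoft reported DisableTaskMgr and DisableRegistryTools as set).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD') {
        $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $v -and $v -ne 0) {
            Write-Finding 'Policy' "$key\$name = $v  (0 or absent is normal on a home PC)"
        }
    }
}

# 4. IE Low Rights ElevationPolicy: each entry lets a named binary launch
#    from Protected Mode at a higher integrity level. zoek deleted 13 of
#    them; list whatever remains so the user can see who registered it.
$elev = 'HKCU:\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
if (Test-Path $elev) {
    Get-ChildItem $elev | ForEach-Object {
        $e = Get-ItemProperty $_.PSPath
        Write-Finding 'IE-ElevationPolicy' "$($_.PSChildName) AppName=$($e.AppName) AppPath=$($e.AppPath) Policy=$($e.Policy)"
    }
}

# 5. Chrome extensions: each folder name is the 32-character extension ID
#    the logs report (eagomcfji..., ciagpekpl...). The display name comes
#    from the extension's own manifest, so treat it as a hint, not proof.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $extRoot) {
    Get-ChildItem $extRoot -Directory | ForEach-Object {
        $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = '(no manifest)'
        if ($manifest) {
            try { $name = (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } catch {}
        }
        Write-Finding 'ChromeExt' "$($_.Name)  name=$name"
    }
}

Write-Host "Report written to $report"
```

The script changes nothing except the restore point it creates, so it is safe to run on a machine that is still infected; the cleaning itself stays with the tools the helper prescribes. A Run value or ElevationPolicy entry that reappears after a cleanup is the thing to chase next, since something still running is re-creating it.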

 


 


#12 Loon123

Loon123
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 16 November 2015 - 06:49 PM

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jia loon on Tue 17/11/2015 at  7:33:29.32.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
17/11/2015 7:33:57 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\uTorrent deleted successfully
C:\PROGRA~3\eMule deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Owner\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Owner\AppData\Local\PACE Anti-Piracy deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D6F9FDF-7C42-44CA-A15D-9A21308C5070} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{259507C1-EA7-4092-B8CB-6B1A6126DB73} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AC48690-F386-4341-B4B-6B1271C9228E} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FB83D8C-D60F-4EA3-819B-933E1A1EAB9} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61746981-7553-4CC7-BE80-D13D7FB534F1} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66F755D3-8E67-4840-82E5-60CE53B462E} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{758BAFD1-B78B-42FA-849C-2EA7C6CC7262} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{840E55AE-D1AD-4E47-A511-4CFF551AA11} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DA19A9F-7750-47CD-AD93-DCF6484DC32} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBB983E-C3E2-4629-8490-1953A11AFBF} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9B17142-45BD-4FE8-A9D4-784E53B3F2} deleted successfully
HKEY_USERS\S-1-5-21-309331358-3987940122-554215294-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9DFE29B-A67E-4AA5-A276-F1C9FCA9CC4} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\prefs.js:
 
Added to C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\uTorrent not found
C:\Users\Owner\AppData\Roaming\RV deleted
C:\Users\Owner\.android deleted
C:\Users\Owner\AppData\Local\cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [04/06/2014 12:18 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb1y33dw.default
- 752a85d468d648aeab7d6640f5f75d85 - %ProfilePath%\extensions\{752a85d4-68d6-48ae-ab7d-6640f5f75d85}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
 
Gom - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke
Vimeo™ Download Videos - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg
Kindle Cloud Reader - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
 
==== Chromium Fix ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.millionairetruth.com_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.millionairetruth.com_0.localstorage-journal deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=129 folders=34 2240038 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jia loon\AppData\Local\temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
 
==== EOF on Tue 17/11/2015 at  7:46:16.82 ======================


#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • ONLINE
  • Gender:Male
  • Local time:01:07 AM

Posted 16 November 2015 - 07:27 PM

Hi  Loon123,

 

Flash Player Update:
Your Flash Player is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Adobe Flash Player 12 Plugin ???

Home page: https://www.adobe.com/support/flashplayer/debug_downloads.html

Please download and install.

Important: Make sure you UN-check "Yes, install McAfee Security Scan Plus".

Install for IE >> Adobe Flash Player 19 ActiveX ==> Download the Flash Player content debugger for Internet Explorer - ActiveX

Install for FF >> Adobe Flash Player 19 NPAPI ==> Download the Flash Player content debugger for Firefox - NPAPI
Install for Opera and Chrome >> Adobe Flash Player PPAPI ==> Download the Flash Player content

Restart your browsers and then do the following.

Please now check and uninstall:

Adobe Flash Player 12 Plugin

====================================================

 Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 65
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

===================================================================================

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double-click the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now and any issues ? Please let me know.


Edited by olgun52, 16 November 2015 - 07:28 PM.

Best regards
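The reply above asks the user to find and remove the old "Adobe Flash Player 12 Plugin" and an outdated Java, then install Flash 19 and Java 8 Update 65. The PowerShell below is an added example for this page, not code from the helper or from Adobe or Oracle: it lists every Flash Player and Java entry in the Uninstall registry keys (64-bit and 32-bit views) and flags the ones older than the versions the post recommends. The minimum versions are taken from the post; the version scheme for Java (8 Update 65 registers as DisplayVersion 8.0.650) and the function name are this example's assumptions. It prints the uninstall command rather than running it.

```powershell
# Added example: inventory Flash Player / Java from the Uninstall keys and
# flag versions below the ones recommended in this thread. Read-only.
# PowerShell 3.0+; no elevation needed to read HKLM\...\Uninstall.

# Minimums from the post. Java's DisplayVersion for "8 Update 65" is 8.0.650
# (major.minor.update*10), so that is the comparison value assumed here.
$minimum = @{
    'Adobe Flash Player' = [version]'19.0.0.0'
    'Java'               = [version]'8.0.650'
}

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PluginInventory {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -like 'Adobe Flash Player*' -or
            $_.DisplayName -match '^Java(\(TM\))? \d+ Update \d+'   # skips "Java Auto Updater"
        } |
        ForEach-Object {
            $family = if ($_.DisplayName -like 'Adobe Flash Player*') { 'Adobe Flash Player' } else { 'Java' }
            $ver = $null
            if ($_.DisplayVersion) { try { $ver = [version]$_.DisplayVersion } catch {} }
            $outdated = if ($ver) { $ver -lt $minimum[$family] } else { 'unknown' }
            [pscustomobject]@{
                Family    = $family
                Name      = $_.DisplayName
                Version   = $ver
                Outdated  = $outdated
                Uninstall = $_.UninstallString
            }
        }
}

$inventory = @(Get-PluginInventory)
if ($inventory.Count -eq 0) {
    Write-Host 'No Flash Player or Java entries found in the Uninstall keys.'
} else {
    $inventory | Format-Table Family, Name, Version, Outdated -AutoSize
    # Anything flagged is what the post says to remove (e.g. "Adobe Flash Player 12 Plugin").
    # UninstallString is the command Programs and Features would run; it is
    # shown, not executed, so the user decides.
    $inventory | Where-Object { $_.Outdated -eq $true } | ForEach-Object {
        Write-Warning "Outdated: $($_.Name) $($_.Version)  ->  $($_.Uninstall)"
    }
}
```

Two caveats when reading the output: Chrome carries its own PPAPI Flash inside the browser and does not register it under Uninstall, so it will not appear here; and an entry whose DisplayVersion does not parse shows Outdated = unknown rather than being silently passed, which is the safer failure for a version check.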

 


 


#14 Loon123

Loon123
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:07 AM

Posted 17 November 2015 - 12:14 AM

So many keygens! I will never include them on my computer again. Pop-ups seem to be gone; works great.

 

C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe.18843.tmp a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\uTorrent\updates\3.3.2_30446.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\tempdownload\wpsetup (1).exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
C:\Users\Owner\Downloads\tempdownload\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
D:\Downloads\Autodesk Maya 2014 x64\Crack\xf-adsk32.7z a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
D:\Downloads\Autodesk Maya 2014 x64\Crack\xf-adsk64.7z a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
D:\Downloads\Autodesk Maya 2014 x64\Crack\xf-adsk64.exe a variant of Win32/Keygen.HA potentially unsafe application cleaned by deleting - quarantined
D:\Downloads\Digicel FlipBook ProHD 6.74 Software + Patch\Digicel FlipBook ProHD 6.74 Software + Patch.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined
D:\Downloads\Digicel FlipBook ProHD 6.74 Software + Patch\flipbook.prohd.v6.74-MPT.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting - quarantined
H:\sftim2013_x32.iso multiple threats deleted - quarantined
H:\3dsmax2012\3dsmax2012-pwbnicky.iso Win32/Keygen.BL potentially unsafe application deleted
H:\AUTODESK MAYA 2013 WIN32 - ISO [ds][H33T]\maya2013_x32.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
H:\AUTODESK MAYA 2013 WIN64 - ISO [ds][H33T]\maya2013_x64.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
H:\ddrive\BadBoy v4.2\BaDBoYv4.2.dll a variant of Win32/GameHack.Q potentially unsafe application cleaned by deleting - quarantined
H:\ddrive\BadBoy v4.2\BadBoy_v4.2.rar a variant of Win32/GameHack.Q potentially unsafe application deleted - quarantined
H:\maya2013\Crack\xf-maya2013_x32.exe a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
H:\maya201332\Crack\xf-maya2013_x32.exe a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
H:\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated)\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A potentially unsafe application deleted
H:\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated)\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office 2010 Toolkit\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.A potentially unsafe application cleaned by deleting - quarantined
H:\tempdownload\coretemp (1).exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting - quarantined
H:\tempdownload\coretemp.exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting - quarantined
H:\tempdownload\wpsetup (1).exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
H:\tempdownload\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
H:\xsi\Crack\xf-si2013_x32.exe a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
H:\xsi\Crack\xf-si2013_x64.exe a variant of Win32/Keygen.HA potentially unsafe application deleted - quarantined
H:\xsi\x86\Softimage\Data1.cab a variant of Win32/Ponmocup.GG trojan deleted


#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • ONLINE
  • Gender:Male
  • Local time:01:07 AM

Posted 17 November 2015 - 09:49 AM

 i will never include them in my computer again. pop ups seems to be gone, works great

Good to hear.

---------------------------
Thank you for your patience. Please do the following:
Uninstall ComboFix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a Run box.
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the X and the /U; it needs to be there.

 
next.....
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Note:  Some safety suggestions !
http://trmalwarefix.freeforums.net/t...ty-suggestions

Best regards. Greetings.

 


 


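The closing reply above recommends two things once the machine is clean: create a fresh System Restore point, and keep an ERUNT-style full registry backup, because Windows' own restore points do not cover every hive. The PowerShell below is an added example for this page, not ERUNT and not code from the helper: it creates the restore point with Checkpoint-Computer and then saves each hive with reg.exe SAVE, which can copy a hive while it is loaded (a plain file copy of C:\Windows\System32\config cannot). The backup folder, the file names and the manifest format are this example's choices; it must be run elevated, and SAM and SECURITY usually need SYSTEM rather than Administrator, so a failure on those is recorded rather than treated as fatal.

```powershell
# Added example: restore point plus an offline copy of the registry hives,
# the equivalent of the ERUNT backup described in this thread.
# Run from an elevated PowerShell 3.0+ prompt.
$ErrorActionPreference = 'Continue'

$stamp     = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$backupDir = Join-Path $env:SystemDrive "RegBackup\$stamp"          # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Restore point, the same thing System Restore's "Create a Restore Point" does.
try {
    Checkpoint-Computer -Description "Post-cleanup baseline $stamp" -RestorePointType MODIFY_SETTINGS
    Write-Host 'Restore point created.'
} catch {
    Write-Warning "Restore point failed: $($_.Exception.Message)"
}

# 2. Hive copies. reg.exe SAVE writes a loaded hive to a file; /y overwrites.
#    HKCU is the logged-on user's NTUSER.DAT, which ERUNT also includes.
$hives = [ordered]@{
    'SOFTWARE' = 'HKLM\SOFTWARE'
    'SYSTEM'   = 'HKLM\SYSTEM'
    'SECURITY' = 'HKLM\SECURITY'   # normally needs SYSTEM; expect this to fail as Administrator
    'SAM'      = 'HKLM\SAM'        # same
    'NTUSER'   = 'HKCU'
}
$results = @{}
foreach ($name in $hives.Keys) {
    $file = Join-Path $backupDir "$name.hiv"
    & reg.exe save $hives[$name] $file /y 2>&1 | Out-Null
    $results[$name] = ($LASTEXITCODE -eq 0 -and (Test-Path $file))
}

# 3. Write a manifest beside the files so the set is self-describing when it
#    is needed months later.
$manifest = Join-Path $backupDir 'manifest.txt'
"Registry backup $stamp on $env:COMPUTERNAME (reg.exe save)" | Set-Content $manifest
foreach ($name in $hives.Keys) {
    $state = if ($results[$name]) { 'saved' } else { 'FAILED (needs SYSTEM, or hive absent)' }
    ('{0,-9} {1}' -f $name, $state) | Add-Content $manifest
}
Get-Content $manifest
Write-Host "Backup folder: $backupDir"
```

Restoring is the part to think about before you need it: a single subkey can be put back with reg.exe RESTORE from one of these files, but replacing a whole SOFTWARE or SYSTEM hive on a running system will not work, so the realistic recovery path is to boot the Windows Recovery Environment and copy the .hiv files over the originals in C:\Windows\System32\config, which is what ERUNT's own restore does. Keep the folder somewhere other than the system drive if the point of the backup is surviving a bad cleanup.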


