Trojan:Win32/Varpes.J!plock


  • This topic is locked
32 replies to this topic

#1 molinamolin

Posted 16 December 2015 - 03:26 PM

I have a Windows 7 Home Premium that was just infected with Trojan:Win32/Varpes.J!plock when I was trying to download movies from the internet. When I restarted the computer it reported that DNSAPI.dll was missing (Chrome, Origin, etc.) and in the lower right corner there was a message saying that this version of Windows 7 was not genuine (but it is). Also, I can't browse from any browser since the virus was detected on my computer.

Windows Security Essentials reports it is in the file C:\Windows\system32\DNSAPI.dll. When I clicked the button to remove the file, I received the error 0x800704ec The program is blocked by group policy. I tried to remove it manually, but got the same error.

I have uninstalled my latest programs from Control Panel, like Shopperz, that indicated the virus, etc., and MSE Essentials still detected the virus located in windows/system32/dnsapi.dll, but I can't delete the current file.
When I restart, there is a message that says DNSAPI.dll was missing.

Please anyone that could help me.
Thanks in advance!



#2 fireman4it

  • Malware Response Team

Posted 16 December 2015 - 03:35 PM

Hello molinamolin,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 molinamolin

Posted 16 December 2015 - 03:54 PM

Hi. Thank you for the fast reply :) But the other problem is I can't open any browser. My connection is on at my mobile phone, but on my computer I can't open any browser to download the program. It seems like the virus also blocked my browser connection. So should I use another computer to download it?

#4 fireman4it

Posted 16 December 2015 - 04:12 PM

Yes, download it to another computer and transfer it to yours. Just make sure you put it on your desktop when you transfer it.




#5 molinamolin

Posted 16 December 2015 - 09:58 PM

Hi.
I have followed the steps.
Here I attached all the logs.
Thanks a bunch.



#6 fireman4it

Posted 18 December 2015 - 12:22 PM

We need to find a replacement file on your system.

Please do the following:

  • Run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

        Search: dnsapi.dll

  • Click Search button and post the log it makes to your reply.




#7 molinamolin

Posted 18 December 2015 - 02:00 PM

Hi Fireman4it.

Thanks for the reply.

Here is the result from the search.txt log:

 

Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by user (2015-12-19 01:52:40)
Running from C:\Users\user\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2012-12-17 01:46][2011-03-03 12:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2012-12-17 01:46][2011-03-03 12:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-21 10:24][2010-11-21 10:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2012-12-17 01:46][2011-03-03 13:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2012-12-17 01:46][2011-03-03 13:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-21 10:24][2010-11-21 10:24] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2012-12-17 01:46][2015-12-17 01:23] 0357888 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

====== End of Search ======
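
An added example, not part of the original posts and not FRST's own code: a small Python parser for the search log above that flags copies which look wrong and lists the signed WinSxS copies that match a target directory. The architecture mapping (amd64 for System32, wow64 for SysWOW64) follows the Replace: lines in the fixlist later in this thread; the function and field names are hypothetical.

```python
import hashlib
import re
from dataclasses import dataclass

# Four entries copied from the Search.txt log posted above (a subset of it).
SAMPLE_LOG = r"""
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2012-12-17 01:46][2011-03-03 12:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2012-12-17 01:46][2011-03-03 13:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-21 10:24][2010-11-21 10:24] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2012-12-17 01:46][2015-12-17 01:23] 0357888 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]
"""

# MD5 of zero bytes of input; a file with a nonzero size cannot really hash to this.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Detail line: [stamp][stamp] size attributes (company) MD5 [signature status]
DETAIL_RE = re.compile(
    r"^\[(?P<first>[^\]]+)\]\[(?P<second>[^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)
# WinSxS component folder: <arch>_<name>_<publicKeyToken>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>[a-z0-9]+)_(?P<name>.+)_[0-9a-f]{16}_"
    r"(?P<version>[\d.]+)_[^_\\]+_[0-9a-f]{16}\\",
    re.IGNORECASE,
)
# Mapping taken from the Replace: lines of the fixlist in this thread.
ARCH_FOR_DIR = {"system32": "amd64", "syswow64": "wow64"}


@dataclass
class Entry:
    path: str
    second_stamp: str   # second of the two timestamps FRST prints (not interpreted here)
    size: int
    company: str
    md5: str
    signed: bool
    arch: str = ""      # WinSxS architecture tag, empty for files outside WinSxS
    version: str = ""


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DETAIL_RE.match(line)
        if m and path:
            sx = WINSXS_RE.search(path)
            entries.append(Entry(
                path=path, second_stamp=m["second"], size=int(m["size"]),
                company=m["company"], md5=m["md5"].upper(),
                signed=(m["sig"] == "File is digitally signed"),
                arch=sx["arch"].lower() if sx else "",
                version=sx["version"] if sx else "",
            ))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def anomalies(entry):
    """Reasons an entry should not be trusted as a system file."""
    notes = []
    if not entry.signed:
        notes.append("not signed")
    if not entry.company:
        notes.append("no company name")
    if entry.md5 == EMPTY_MD5 and entry.size > 0:
        notes.append("MD5 is the hash of zero bytes although size is nonzero")
    return notes


def replacement_candidates(target, entries):
    """Signed, anomaly-free WinSxS copies whose architecture fits the target directory."""
    arch = ARCH_FOR_DIR[target.lower().split("\\")[-2]]
    good = [e for e in entries if e.arch == arch and not anomalies(e)]
    return sorted(good, key=lambda e: tuple(int(p) for p in e.version.split(".")))


if __name__ == "__main__":
    parsed = parse_search_log(SAMPLE_LOG)
    for e in parsed:
        if anomalies(e):
            print("SUSPECT", e.path, anomalies(e))
    for e in replacement_candidates(r"C:\Windows\System32\dnsapi.dll", parsed):
        print("candidate", e.version, e.md5, e.path)
```

The MD5 printed for C:\Windows\System32\dnsapi.dll is the MD5 of zero bytes of input, so it says nothing about what that 357,888-byte file contains. The example lists candidates without choosing among them.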



#8 fireman4it

Posted 18 December 2015 - 02:22 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (5.79KB)

 

2.

Please reset all browsers:

To Reset Firefox

  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.

Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:

  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary

--------------------

Reset IE back to the defaults.

  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.

-----------------

To reset Google Chrome

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

  • Default search engine and saved search engines will be reset to their original defaults.
  • Homepage button will be hidden and the URL that you previously set will be removed.
  • Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
  • New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
  • Pinned tabs will be unpinned.
  • Content settings will be cleared and reset to their installation defaults.
  • Cookies and site data will be cleared.
  • Extensions and themes will be disabled.

 

 

3.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

 

Things to include in your next reply:

Fixlog.txt

Eset log

Can you now access the internet on this computer? How is the machine running?

 




#9 molinamolin

Posted 18 December 2015 - 03:47 PM

Hi Fireman4it.

 

Here's the fixlog.txt :

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by user (2015-12-19 02:30:48) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Replace: C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll C:\Windows\System32\dnsapi.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
insock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog9 16 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog5-x64 09 C:\Windows\system32\PrxerNsp.dll [57448 2012-11-22] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
Winsock: Catalog9-x64 16 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: yourprofitclub -> {c3a026f0-0862-bf4e-af62-d8ea7813e9f9} -> C:\Windows\SysWow64\d9ca7563.dll => No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1450287622&z=f69bf85dc0dfc48c2f4ae14gezfwbebo4bbm9qac6g&from=exp1&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\Extensions\multifox@hultmann.xpi [2015-12-08] [not signed]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{062aed65-67ef-2ab2-2b38-5eead7df6fb0} [2015-11-04] [not signed]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{cdd8a298-186e-2db4-a8dc-d531148da15e} [2015-11-04] [not signed]
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-17] (Sysinternals process Explorer) <==== ATTENTION
S4 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 rizyqibe; C:\Program Files (x86)\AAAAAAAA-1450287836-AAAA-AAAA-448A5B90289A\jnso3042.tmp [X]
S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S2 wimynyme; C:\Program Files (x86)\AAAAAAAA-1450287836-AAAA-AAAA-448A5B90289A\knsj13C7.tmpfs [X]
S2 zizusyju; C:\Program Files (x86)\AAAAAAAA-1450287836-AAAA-AAAA-448A5B90289A\hnsj496F.tmp [X]
U3 a4foqbhj; C:\Windows\System32\Drivers\a4foqbhj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aptucps3; C:\Windows\System32\Drivers\aptucps3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 bgvipjdw; \??\C:\Windows\system32\drivers\bgvipjdw.sys [X]
S3 BKNDIS5; \??\C:\PROGRA~2\Belkin\F5D9050\BKNDIS5.SYS [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz135; \??\C:\Users\user\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 izpoiflm; \??\C:\Windows\system32\drivers\izpoiflm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 npkcusb; \??\D:\game\pc\game\langlang buana game\ragnarok\npkcusb.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 wcijhwvf; \??\C:\Windows\system32\drivers\wcijhwvf.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\user\AppData\Local\Temp\avgD8A1.exe
C:\Users\user\AppData\Local\Temp\avgE8D7.exe
C:\Users\user\AppData\Local\Temp\Bass.dll
C:\Users\user\AppData\Local\Temp\Bass.Net.dll
C:\Users\user\AppData\Local\Temp\bassmod.dll
C:\Users\user\AppData\Local\Temp\bH4NVmgtmI.exe
C:\Users\user\AppData\Local\Temp\gvq1l3jjcf.exe
C:\Users\user\AppData\Local\Temp\JqI5wT9KtR.exe
C:\Users\user\AppData\Local\Temp\kernel32.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\RNfsYAcnDu.exe
C:\Users\user\AppData\Local\Temp\tmpF5E1.tmp.exe
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\_is2C0.exe
C:\Users\user\AppData\Local\Temp\_is4F4A.exe
C:\Users\user\AppData\Local\Temp\_is5EE4.exe
C:\Users\user\AppData\Local\Temp\_is98E7.exe
C:\Users\user\AppData\Local\Temp\_isA40C.exe
C:\Users\user\AppData\Local\Temp\_isA825.exe
C:\Users\user\AppData\Local\Temp\_isBB26.exe
C:\Users\user\AppData\Local\Temp\_isC34E.exe
C:\Users\user\AppData\Local\Temp\_isE2C2.exe
*****************

"C:\Windows\SysWOW64\dnsapi.dll" => not found
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll copied successfully to C:\Windows\SysWOW64\dnsapi.dll
C:\Windows\System32\dnsapi.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll copied successfully to C:\Windows\System32\dnsapi.dll

=========  ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
insock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] () => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3a026f0-0862-bf4e-af62-d8ea7813e9f9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{c3a026f0-0862-bf4e-af62-d8ea7813e9f9}" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\Extensions\multifox@hultmann.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{062aed65-67ef-2ab2-2b38-5eead7df6fb0} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{cdd8a298-186e-2db4-a8dc-d531148da15e} => moved successfully
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => service removed successfully
BingDesktopUpdate => service removed successfully
DigiRefresh => service removed successfully
rizyqibe => service removed successfully
SSFK => service removed successfully
wimynyme => service removed successfully
zizusyju => service removed successfully
a4foqbhj => service not found.
aptucps3 => service not found.
bgvipjdw => service removed successfully
BKNDIS5 => service removed successfully
BprotectEx => service removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
cpuz135 => service removed successfully
EagleX64 => service removed successfully
ewusbmbb => service removed successfully
ew_hwusbdev => service removed successfully
huawei_enumerator => service removed successfully
hwdatacard => service removed successfully
izpoiflm => service removed successfully
massfilter => service removed successfully
MSICDSetup => service removed successfully
npkcusb => service removed successfully
NTIOLib_1_0_C => service removed successfully
PCFApiUtil => service removed successfully
wcijhwvf => service removed successfully
WinRing0_1_2_0 => Unable to stop service.
WinRing0_1_2_0 => service removed successfully
X6va011 => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
C:\Users\user\AppData\Local\Temp\avgD8A1.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avgE8D7.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Bass.dll => moved successfully
C:\Users\user\AppData\Local\Temp\Bass.Net.dll => moved successfully
C:\Users\user\AppData\Local\Temp\bassmod.dll => moved successfully
C:\Users\user\AppData\Local\Temp\bH4NVmgtmI.exe => moved successfully
C:\Users\user\AppData\Local\Temp\gvq1l3jjcf.exe => moved successfully
C:\Users\user\AppData\Local\Temp\JqI5wT9KtR.exe => moved successfully
C:\Users\user\AppData\Local\Temp\kernel32.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\user\AppData\Local\Temp\RNfsYAcnDu.exe => moved successfully
C:\Users\user\AppData\Local\Temp\tmpF5E1.tmp.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_is2C0.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_is4F4A.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_is5EE4.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_is98E7.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_isA40C.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_isA825.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_isBB26.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_isC34E.exe => moved successfully
C:\Users\user\AppData\Local\Temp\_isE2C2.exe => moved successfully
EmptyTemp: => 8.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 02:31:56 ====

 

 

As for the ESET Online Scanner, it is still scanning now.

I will send it to you after the scan is done.

Anyway, is it all clean already?

Thanks a lot, Fireman4it! You're cool!

I can do the browsing now, and also there's no "not genuine windows 7" sign anymore in the corner.

And the cool thing is my C hard drive increased to 11 GB; before it was only 3 GB.
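
An added example, not part of the original posts and not FRST's own code: a Python check that reconciles the Winsock catalog lines in the fixlist with the registry keys the Fixlog above reports as removed. The key-name rule (Catalog5 to NameSpace_Catalog5, Catalog9 to Protocol_Catalog9, -x64 to Catalog_Entries64, index padded to 12 digits) is inferred from the log lines themselves; the function names are hypothetical.

```python
import re

# Subset of lines copied from the Fixlog.txt posted above.
SAMPLE_FIXLOG = r"""
insock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog9 16 C:\Windows\SysWOW64\Osuvuakhef.dll [289112 2015-12-17] ()
Winsock: Catalog5-x64 09 C:\Windows\system32\PrxerNsp.dll [57448 2012-11-22] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Osuvuakhef64.dll [375128 2015-12-17] ()
insock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] () => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"""

# A catalog directive as listed under "fixlist content": keyword, catalog, index, DLL.
# The keyword is captured loosely so that a mistyped one is still recognised.
DIRECTIVE_RE = re.compile(
    r"^(?P<kw>\w+): Catalog(?P<cat>[59])(?P<x64>-x64)? (?P<idx>\d+) "
    r"(?P<dll>.+?) \[\d+ [\d-]+\] \((?P<company>[^)]*)\)$"
)
# A result line reporting that a WinSock2 catalog key was deleted.
REMOVED_RE = re.compile(
    r'^"HKLM\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\'
    r'(?P<key>[^"]+)" => key removed successfully$'
)


def catalog_key(cat, x64, idx):
    """Registry subkey (below ...\\WinSock2\\Parameters) for one catalog entry."""
    root = {"5": "NameSpace_Catalog5", "9": "Protocol_Catalog9"}[cat]
    entries = "Catalog_Entries64" if x64 else "Catalog_Entries"
    return f"{root}\\{entries}\\{int(idx):012d}"


def reconcile(text):
    """Return (entries not reported removed, keywords differing from 'Winsock')."""
    wanted, removed, odd_keywords = {}, set(), []
    for line in map(str.strip, text.splitlines()):
        d = DIRECTIVE_RE.match(line)
        if d:
            wanted[catalog_key(d["cat"], d["x64"], d["idx"])] = d["dll"]
            if d["kw"] != "Winsock":
                odd_keywords.append(d["kw"])
            continue
        r = REMOVED_RE.match(line)
        if r:
            removed.add(r["key"])
    leftover = {k: v for k, v in wanted.items() if k not in removed}
    return leftover, odd_keywords


if __name__ == "__main__":
    leftover, odd = reconcile(SAMPLE_FIXLOG)
    for key, dll in leftover.items():
        print("not reported removed:", key, "->", dll)
    print("unexpected directive keywords:", odd)
```

On this log the only catalog entry without a matching removal is the 32-bit Catalog5 09 entry, whose directive begins with "insock:" instead of "Winsock:". The check shows only that the log does not record its removal, not whether the entry is unwanted.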



#10 fireman4it

Posted 18 December 2015 - 04:58 PM

Please post the Eset log along with running FRST again and posting the new FRST.txt.




#11 molinamolin

Posted 18 December 2015 - 05:21 PM

OK, thank you Fireman4it. Now still scanning, 55% with ESET.



#12 molinamolin

Posted 18 December 2015 - 05:55 PM

Here is the new FRST.txt :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-12-2015 03
Ran by user (administrator) on DJALING-PC (19-12-2015 05:50:12)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Smartfren Connex CE682 UI\HEject.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\MSI\OTPService\OTPService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(StarWind Software) D:\program molin\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Beepa P/L) C:\Program Files (x86)\fraps\fraps.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Mike Edward Moras (www.e-sushi.net)) C:\Program Files (x86)\MiniBin\MiniBin.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() D:\program molin\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Beepa P/L) C:\Program Files (x86)\fraps\fraps64.dat
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-13] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MiniBin] => C:\Program Files (x86)\MiniBin\MiniBin.exe [71168 2014-03-22] (Mike Edward Moras (www.e-sushi.net))
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\program molin\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-07-25] (Tonec Inc.)
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\Run: [AlcoholAutomount] => D:\program molin\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {023946d6-d9b8-11e3-8623-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {06eaeadb-1ce8-11e3-a062-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1135e99d-7cc8-11e3-9246-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1135eaa5-7cc8-11e3-9246-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1135eadc-7cc8-11e3-9246-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1135eaf3-7cc8-11e3-9246-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {12af501f-adaf-11e3-9dfa-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {160c6deb-f157-11e3-90e5-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {160c6df9-f157-11e3-90e5-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1afb36f1-f376-11e3-b6f0-001e101f36d9} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1afb36ff-f376-11e3-b6f0-001e101f36d9} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1b8c2f85-559b-11e2-91fb-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1e770c32-d00f-11e3-8ed4-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1ee463fc-7c21-11e3-b1c7-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {1ee4640b-7c21-11e3-b1c7-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {36061ba6-8c78-11e5-89b8-4e65c72ed71c} - E:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {36061bb6-8c78-11e5-89b8-4e65c72ed71c} - E:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {3b3a06cb-f093-11e3-85e1-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {3b3a06d9-f093-11e3-85e1-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {3e8005a6-adb2-11e3-afd5-001e101f8ed0} - I:\LGAutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {46ed0f68-795c-11e3-9301-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {46ed0fbf-795c-11e3-9301-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {53fe2270-f306-11e3-8f33-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {53fe2288-f306-11e3-8f33-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {5d0f6786-45f9-11e2-a1d6-00224d9b58b8} - F:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {5d0f6798-45f9-11e2-a1d6-00224d9b58b8} - F:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {60c49e81-8d4e-11e2-9b08-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {613c6960-4168-11e3-877c-001e101f57d0} - J:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {6ab06c47-c764-11e2-affb-001e101f9843} - H:\Setup.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {7c973b23-ea33-11e3-a5dd-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {7c973b32-ea33-11e3-a5dd-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {805d7ee3-55c7-11e2-a808-00224d9b58b8} - F:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {82ead2bf-7e47-11e3-9442-001e101f9743} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {83544f00-a5ec-11e3-93bc-00224d9b58b8} - J:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {90ca5c92-eb43-11e3-9e1f-001e101fb670} - J:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {9871c750-550f-11e2-99f5-806e6f6e6963} - E:\EIProcessCaller.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {a0e2e37a-6f1f-11e3-b417-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {a0e2e388-6f1f-11e3-b417-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {a12a5105-02a2-11e4-942f-806e6f6e6963} - E:\DVDSetup.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {b64e2541-552d-11e2-a1f0-00224d9b58b8} - F:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {b78040ba-a832-11e2-92a3-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {bb9c32aa-9160-11e2-a21c-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {c449d215-64d3-11e3-bef4-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {c788cab3-d929-11e3-8d4e-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {c788cb70-d929-11e3-8d4e-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {cbac01fb-62ef-11e3-84cc-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {cbac020a-62ef-11e3-84cc-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {cecbaaa0-d150-11e4-9d73-448a5b90289a} - E:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {cecbaaaf-d150-11e4-9d73-448a5b90289a} - E:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {d97dcd41-7208-11e3-87ff-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {db10007e-8a15-11e3-a8f7-001e101f8ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {db100095-8a15-11e3-a8f7-001e101f8ed0} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {dd1c006a-7d7b-11e3-830f-00224d9b58b8} - I:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {dd1c0079-7d7b-11e3-830f-00224d9b58b8} - J:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {e20e76ee-4621-11e2-b81c-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\MountPoints2: {fd220008-927c-11e2-9336-00224d9b58b8} - H:\AutoRun.exe
HKU\S-1-5-21-3234128947-111302303-3011224593-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177600 2015-11-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Athan.exe - Shortcut.lnk [2015-10-16]
ShortcutTarget: Athan.exe - Shortcut.lnk -> C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0A73CA07-2358-45FA-B75B-AF74C2AA6112}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{0A73CA07-2358-45FA-B75B-AF74C2AA6112}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{0D59458E-BD5C-4999-BB64-7E90DA3E6D03}: [DhcpNameServer] 202.159.24.46 202.159.123.46 8.8.8.8
Tcpip\..\Interfaces\{176EB170-0E9A-4CCE-ABCC-A8D34CE8F72B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5CA1D68F-9982-4334-99EE-5B4E29A736A6}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130947932788369441&GUID=2533D11E-7ABC-47A0-B577-4F120F9DAE3F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130947932788369441&GUID=2533D11E-7ABC-47A0-B577-4F120F9DAE3F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3234128947-111302303-3011224593-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3234128947-111302303-3011224593-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\adobe collection cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\adobe collection cs5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499
FF NewTab: hxxp://www.istartpageing.com/newtab/?type=nt&ts=1450289785&z=8c03029f77711c51a5107a5gazewcedo0bbt1m7t8z&from=cmi&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN
FF DefaultSearchEngine: yoursearching
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: yoursearching
FF SelectedSearchEngine,S:
FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=1450287622&z=f69bf85dc0dfc48c2f4ae14gezfwbebo4bbm9qac6g&from=exp1&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-12-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> H:\game\pc\game\langlang buana game\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-08-14] (Reto-Moto ApS)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-12-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-25] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3234128947-111302303-3011224593-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3234128947-111302303-3011224593-1000: ubisoft.com/uplaypc -> H:\game\pc\game\yabuy game\trial evolutions\datapack\orbit\npuplaypc.dll [No File]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\searchplugins\yoursearching.xml [2015-12-17]
FF Extension: Adobe Contribute Toolbar - D:\adobe collection cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-09-02] [not signed]
FF Extension: IDM integration - C:\Users\user\AppData\Roaming\IDM\idmmzcc7 [2015-08-02]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-23]
FF Extension: FirefixTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\deskCutv2@gmail.com [2015-12-17] [not signed]
FF Extension: YahooToolsProtected  - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\yahooprotected@gmail.com [2015-12-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{BF2F463A-FBB4-4A49-8917-A322A5D6C224}] - C:\Program Files\shopperz161220151502\Firefox\{BF2F463A-FBB4-4A49-8917-A322A5D6C224}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\adobe collection cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\yahooprotected@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{BF2F463A-FBB4-4A49-8917-A322A5D6C224}] - C:\Program Files\shopperz161220151502\Firefox\{BF2F463A-FBB4-4A49-8917-A322A5D6C224}.xpi => not found
FF HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc7
FF HKU\S-1-5-21-3234128947-111302303-3011224593-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-12-19] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=1450287622&z=f69bf85dc0dfc48c2f4ae14gezfwbebo4bbm9qac6g&from=exp1&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN
CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1450287622&z=f69bf85dc0dfc48c2f4ae14gezfwbebo4bbm9qac6g&from=exp1&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Heroes & Generals) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-03]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-10-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: () - C:\Users\user\AppData\Local\Camera Download\Component [2015-12-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKU\S-1-5-21-3234128947-111302303-3011224593-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-03]
CHR HKU\S-1-5-21-3234128947-111302303-3011224593-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PTNE6L65OJM2AHTB7WYSYENP2M - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.delta-homes.com/?type=sc&ts=1437649765&z=<!DOCTYPE html>
<html>
<head>
    <noscript>
        <meta http-equiv=refreshcontent=0;URL=hxxp://ads.telkomsel.com/ads-request?t=3&j=0&i=177145290&a=hxxp://www.delta-homes.com/logic/z.php/>
    </noscript>
    <link href=hxxp://ads.telkomsel.com:8004/COMMON/css/ibn.css rel=stylesheet type=text/css />
</head>
<body>
    <script type=text/javascript>
        p={'t':'3', 'i':'177145290'};
        d='';
    </script>
    <script type=text/javascript>
        var b=location;
        setTimeout(function(){
            if(typeof window.iframe=='undefined'){
                b.href=b.href;
            }
        },15000);
    </script>
    <script src=hxxp://ads.telkomsel.com:8004/COMMON/js/if_20140604.min.js></script>
    <script src=hxxp://ads.telkomsel.com:8004/COMMON/js/ibn_20141104.min.js></script>
</body>
</html>

&from=wpm07233&uid=INTELXSSDSC2CT120A3XXXXXXXXXXXXXXXXXXX_CVMP243300NC120BGN

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-03-25] (Adobe Systems) [File not signed]
S2 AxAutoMntSrv; D:\program molin\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-25] (BitRaider, LLC)
R2 CDROM_Eject_H; C:\Program Files\Smartfren Connex CE682 UI\HEject.exe [267776 2011-12-20] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 MSI_OTPService; C:\Program Files (x86)\MSI\OTPService\OTPService.exe [252432 2012-04-12] ()
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-13] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-07-21] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 StarWindServiceAE; D:\program molin\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [838224 2015-10-15] (Valve Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-11-29] ()
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-06-25] (BitRaider)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-17] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [51200 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 GM3305Fltr; C:\Windows\System32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
S3 GM3305Fltr; C:\Windows\SysWOW64\drivers\GM3305Fltr.sys [8064 2012-03-28] (LXD Development, Inc.) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27120 2013-09-26] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 L6PODHD4; C:\Windows\System32\Drivers\L6PODHD464.sys [772096 2012-07-11] (Line 6)
S3 L6UX2; C:\Windows\System32\Drivers\L6UX264.sys [772224 2012-08-22] (Line 6)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-11-29] ()
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_T; C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 SgamingkbFltr; C:\Windows\System32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-10] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_H.sys [28160 2011-04-08] ()
S3 USB_BusEnum_H; C:\Windows\System32\DRIVERS\USB_BusEnum_H.sys [44544 2009-11-05] ()
S3 USB_ETS_H; C:\Windows\System32\DRIVERS\USB_ETS_H.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_WinMux_H; C:\Windows\System32\DRIVERS\USB_WinMux_H.sys [37376 2009-10-27] ()
U3 ah376v77; C:\Windows\System32\Drivers\ah376v77.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 ang50kvi; C:\Windows\System32\Drivers\ang50kvi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 05:49 - 2015-12-19 05:49 - 00038956 _____ C:\Users\user\Desktop\ESETlog.txt
2015-12-19 05:48 - 2015-12-19 05:48 - 00038956 _____ C:\Users\user\Desktop\esetlscanlog.txt
2015-12-19 02:49 - 2015-12-19 02:49 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-19 02:30 - 2015-12-19 02:31 - 00012978 _____ C:\Users\user\Desktop\Fixlog.txt
2015-12-19 02:30 - 2011-03-03 12:12 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-12-19 01:52 - 2015-12-19 01:55 - 00001922 _____ C:\Users\user\Desktop\Search.txt
2015-12-17 09:51 - 2015-12-17 09:51 - 00239839 _____ C:\Users\user\Desktop\Addition.txt
2015-12-17 09:50 - 2015-12-19 05:50 - 00041399 _____ C:\Users\user\Desktop\FRST.txt
2015-12-17 09:50 - 2015-12-19 05:50 - 00000000 ____D C:\FRST
2015-12-17 09:33 - 2015-12-18 10:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-17 09:33 - 2015-12-18 09:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-17 09:33 - 2015-12-17 09:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-17 09:30 - 2015-12-18 09:59 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-17 09:29 - 2015-12-18 10:10 - 00000000 ____D C:\Users\user\Desktop\mbar
2015-12-17 09:27 - 2015-12-17 09:27 - 16563352 ____N (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.09.3.1001.exe
2015-12-17 09:27 - 2015-12-17 02:04 - 23273717 ____N C:\Users\user\Desktop\Malwarebytes.Anti-Malware.2.2.0.1024.kuyhAa.rar
2015-12-17 09:19 - 2015-12-17 02:06 - 02370048 ____N (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-12-17 01:21 - 2015-12-17 01:21 - 00003152 _____ C:\Windows\System32\Tasks\{8EEF1B75-F654-4E48-A858-76C12405D774}
2015-12-17 01:17 - 2015-12-17 01:17 - 00004712 _____ C:\Windows\SysWOW64\Osuvuakhef.ini
2015-12-17 01:17 - 2015-12-17 01:17 - 00002424 _____ C:\Windows\SysWOW64\OsuvuakhefOff.ini
2015-12-17 01:17 - 2015-12-17 01:17 - 00002424 _____ C:\Windows\system32\OsuvuakhefOff.ini
2015-12-17 01:16 - 2015-12-17 01:17 - 00000000 ____D C:\Users\user\AppData\Local\Tempfolder
2015-12-17 01:16 - 2015-12-17 01:16 - 00003336 _____ C:\Windows\System32\Tasks\Sictekco
2015-12-17 01:16 - 2015-12-17 01:16 - 00000000 ____D C:\Windows\system32\fij
2015-12-17 01:16 - 2015-12-17 01:16 - 00000000 ____D C:\Users\user\AppData\Roaming\TarweuMips
2015-12-17 01:16 - 2015-12-17 01:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\Company
2015-12-17 01:16 - 2015-12-17 01:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-17 01:16 - 2015-12-17 01:16 - 00000000 ____D C:\uninst
2015-12-17 01:16 - 2015-12-17 01:03 - 00375128 _____ C:\Windows\system32\Osuvuakhef64.dll
2015-12-17 01:16 - 2015-12-17 01:03 - 00289112 _____ C:\Windows\SysWOW64\Osuvuakhef.dll
2015-12-17 00:51 - 2015-12-17 00:51 - 00003154 _____ C:\Windows\System32\Tasks\{F73F46C7-18DF-40CA-83D1-B107B330735C}
2015-12-17 00:45 - 2015-12-19 05:44 - 00000000 ____D C:\Users\user\AppData\Local\AAAAAAAA-1450313122-AAAA-AAAA-448A5B90289A
2015-12-17 00:44 - 2015-12-17 00:44 - 00000000 ____D C:\Users\user\AppData\Roaming\SimpleFiles
2015-12-17 00:44 - 2015-12-17 00:43 - 00001409 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-17 00:41 - 2015-12-19 05:44 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-17 00:32 - 2015-12-17 00:32 - 00000030 _____ C:\Users\user\Desktop\zombie movie.txt
2015-12-16 22:00 - 2015-12-16 22:00 - 00000013 _____ C:\Users\user\Desktop\psx game must have.txt
2015-12-16 20:04 - 2015-12-17 01:16 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-11 07:06 - 2015-12-11 07:06 - 00000000 ____D C:\Users\user\AppData\LocalLow\Kiloo Games
2015-12-11 05:37 - 2015-12-11 05:37 - 00000786 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-12-11 05:37 - 2015-12-11 05:37 - 00000000 ____D C:\Users\user\AppData\Roaming\GRETECH
2015-12-11 05:37 - 2015-12-11 05:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-12-11 05:37 - 2015-12-11 05:37 - 00000000 ____D C:\ProgramData\GRETECH
2015-12-11 01:45 - 2015-12-11 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2015-12-10 17:05 - 2015-12-10 17:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Nero
2015-12-10 17:04 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\Nero
2015-12-10 17:02 - 2015-12-10 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2015-12-10 17:02 - 2015-12-10 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-12-10 16:43 - 2015-12-10 16:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Canneverbe Limited
2015-12-10 16:43 - 2015-12-10 16:43 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-12-10 15:50 - 2015-12-10 15:50 - 00000012 _____ C:\Windows\explorer.exe.local
2015-12-10 15:50 - 2009-07-14 08:11 - 00005812 _____ C:\Windows\ws2help.dll
2015-12-10 14:56 - 2015-12-10 14:56 - 00000000 ____D C:\Users\user\Documents\Alcohol 120%
2015-12-10 00:54 - 2015-11-25 01:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-10 00:53 - 2015-11-25 06:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-10 00:53 - 2015-11-25 06:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00422056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-10 00:53 - 2015-11-25 06:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-10 00:35 - 2015-11-13 01:37 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-12-05 17:37 - 2015-12-19 02:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f48fddfff78.job
2015-12-05 17:37 - 2015-12-05 17:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12f48fddfff78
2015-12-03 14:52 - 2015-12-19 02:34 - 00003180 _____ C:\Windows\System32\Tasks\FRAPS
2015-12-02 16:04 - 2015-12-19 02:34 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-11-30 23:33 - 2015-12-08 23:21 - 00000000 ____D C:\Users\user\AppData\Local\Fallout4
2015-11-29 19:21 - 2015-11-29 19:21 - 00314016 _____ C:\Windows\system32\Drivers\atksgt.sys
2015-11-29 19:21 - 2015-11-29 19:21 - 00043680 _____ C:\Windows\system32\Drivers\lirsgt.sys
2015-11-29 19:19 - 2015-11-29 19:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Prison Break
2015-11-29 19:16 - 2015-11-29 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2015-11-29 18:57 - 2015-11-29 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\11bitstudios
2015-11-29 18:55 - 2015-11-29 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
2015-11-29 18:39 - 2015-11-29 18:39 - 00000000 ____D C:\Users\user\AppData\Roaming\MK10
2015-11-29 17:37 - 2015-11-29 17:37 - 00000000 ____D C:\Users\user\AppData\Local\BANDAI NAMCO Games
2015-11-29 17:28 - 2015-11-29 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse
2015-11-28 04:50 - 2015-12-01 15:43 - 00000028 _____ C:\Windows\OutLog.txt
2015-11-28 04:44 - 2015-12-10 16:42 - 00000124 _____ C:\Users\user\Documents\ax_files.xml
2015-11-28 04:19 - 2015-11-28 04:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2015-11-28 03:00 - 2015-11-28 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.0
2015-11-28 02:59 - 2014-04-04 00:42 - 03382440 _____ C:\Windows\system32\BootMan.exe
2015-11-28 02:59 - 2014-04-04 00:25 - 02499752 _____ C:\Windows\SysWOW64\BootMan.exe
2015-11-28 02:59 - 2013-03-07 09:49 - 00100936 _____ C:\Windows\system32\setupempdrvx64.exe
2015-11-28 02:59 - 2013-03-07 09:49 - 00087112 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2015-11-28 02:59 - 2013-03-07 09:49 - 00019840 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2015-11-28 02:59 - 2013-03-07 09:49 - 00017480 _____ C:\Windows\system32\epmntdrv.sys
2015-11-28 02:59 - 2013-03-07 09:49 - 00016256 _____ C:\Windows\system32\EuEpmGdi.dll
2015-11-28 02:59 - 2013-03-07 09:49 - 00014920 _____ C:\Windows\SysWOW64\epmntdrv.sys
2015-11-28 02:59 - 2013-03-07 09:49 - 00009800 _____ C:\Windows\system32\EuGdiDrv.sys
2015-11-28 02:59 - 2013-03-07 09:49 - 00009160 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2015-11-26 22:24 - 2015-12-07 16:51 - 00000000 ____D C:\Users\user\Documents\WWE2K15
2015-11-26 22:00 - 2015-11-26 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K15
2015-11-23 09:13 - 2015-11-25 06:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-23 09:13 - 2015-11-16 10:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
2015-11-23 09:13 - 2015-11-16 10:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
2015-11-21 20:04 - 2015-11-21 20:04 - 00000000 ____D C:\My Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 05:50 - 2014-07-04 14:34 - 00000021 _____ C:\Users\user\AppData\Roaming\config_data.dat
2015-12-19 05:47 - 2014-01-16 10:14 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-12-19 05:44 - 2014-06-11 12:12 - 00000000 ____D C:\Users\user\AppData\Roaming\BitTorrent
2015-12-19 05:42 - 2014-06-27 14:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-19 04:51 - 2015-11-11 07:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 02:56 - 2009-07-14 11:45 - 00032912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-19 02:56 - 2009-07-14 11:45 - 00032912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-19 02:53 - 2009-07-14 10:20 - 00000000 ____D C:\Windows
2015-12-19 02:49 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-19 02:43 - 2009-07-14 12:13 - 00006266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-19 02:42 - 2013-05-20 11:39 - 00000000 ____D C:\Users\user\AppData\Roaming\StarTrekPC
2015-12-19 02:34 - 2013-08-01 04:13 - 00000000 ____D C:\Program Files (x86)\fraps
2015-12-19 02:33 - 2014-06-27 14:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 02:33 - 2012-12-14 16:33 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-19 02:33 - 2012-01-02 01:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-19 02:33 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-19 02:32 - 2012-12-14 16:45 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2015-12-19 02:31 - 2013-05-27 10:47 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2015-12-18 10:29 - 2015-09-01 19:18 - 00644622 _____ C:\Windows\ntbtlog.txt
2015-12-17 13:00 - 2013-08-01 04:43 - 05017888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-17 09:47 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\schemas
2015-12-17 09:34 - 2015-07-23 18:09 - 00000000 ____D C:\ProgramData\gWinManProg
2015-12-17 09:18 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-17 01:31 - 2015-11-04 13:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-17 01:31 - 2015-07-27 03:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-17 01:22 - 2013-12-14 09:01 - 00000987 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-17 00:52 - 2015-11-11 07:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-17 00:52 - 2013-03-15 20:55 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-17 00:52 - 2013-01-14 00:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-17 00:41 - 2015-08-28 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\15 Days
2015-12-17 00:41 - 2014-07-07 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-17 00:41 - 2013-07-06 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-12-17 00:41 - 2013-01-19 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Indonesia
2015-12-16 17:17 - 2012-12-14 16:33 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-15 20:25 - 2014-12-21 00:55 - 00000000 ____D C:\Users\user\Downloads\Video
2015-12-15 17:50 - 2012-12-14 16:45 - 00000000 ____D C:\Users\user\Downloads\Compressed
2015-12-11 06:58 - 2014-06-30 12:25 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-12-11 05:50 - 2014-07-17 22:29 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-12-11 01:46 - 2012-12-15 03:47 - 00000000 ____D C:\Users\user\Documents\My Games
2015-12-11 01:46 - 2012-12-15 01:25 - 00000000 ____D C:\Users\user\AppData\Local\SKIDROW
2015-12-10 17:04 - 2012-12-14 16:45 - 00000000 ____D C:\ProgramData\Nero
2015-12-10 17:04 - 2012-12-14 16:45 - 00000000 ____D C:\Program Files (x86)\Nero
2015-12-10 00:54 - 2013-07-20 23:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-10 00:54 - 2013-04-29 20:42 - 00000000 ____D C:\temp
2015-12-10 00:54 - 2012-12-14 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-10 00:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2015-12-10 00:35 - 2013-11-20 06:39 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2015-12-09 10:39 - 2010-11-21 10:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 22:44 - 2012-12-16 15:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Celemony Software GmbH
2015-12-05 17:37 - 2014-06-27 14:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:37 - 2014-06-27 14:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 00:58 - 2013-11-10 00:43 - 00000000 ____D C:\Users\user\Documents\Nexus Mod Manager
2015-12-05 00:57 - 2013-01-03 18:22 - 00000000 ____D C:\Users\user\AppData\Local\Skyrim
2015-12-05 00:56 - 2014-06-28 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-11-29 19:16 - 2012-12-14 16:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 17:46 - 2013-07-29 15:54 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2015-11-28 13:44 - 2009-07-14 12:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-27 22:40 - 2013-11-19 16:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-26 22:19 - 2013-11-20 07:51 - 00000000 ____D C:\Users\user\Documents\WB Games
2015-11-25 06:10 - 2015-09-06 04:35 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-25 06:10 - 2015-09-01 20:25 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-25 06:10 - 2015-09-01 20:25 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-25 06:10 - 2015-09-01 20:25 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-25 06:10 - 2015-09-01 20:25 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-25 06:10 - 2013-07-02 12:09 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-25 06:10 - 2013-07-02 12:09 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-25 05:01 - 2015-08-03 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-25 01:40 - 2014-11-10 00:42 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-25 01:40 - 2013-07-20 23:25 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-25 01:40 - 2013-07-20 23:25 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-25 01:40 - 2013-07-20 23:25 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-25 01:40 - 2013-07-20 23:25 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-25 01:40 - 2013-07-20 23:25 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-24 20:05 - 2014-06-08 18:21 - 00000000 ____D C:\Users\user\AppData\Local\Arma 3
2015-11-23 21:28 - 2014-02-09 06:22 - 00000000 ____D C:\Users\user\Documents\KONAMI
2015-11-23 21:28 - 2013-03-27 14:05 - 00000000 ____D C:\ProgramData\KONAMI
2015-11-23 17:38 - 2013-07-20 23:25 - 06049858 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2014-07-04 14:34 - 2015-12-19 05:50 - 0000021 _____ () C:\Users\user\AppData\Roaming\config_data.dat
2014-07-06 16:43 - 2014-07-06 16:43 - 0095527 _____ () C:\Users\user\AppData\Roaming\icarus-dxdiag.xml
2013-06-12 12:46 - 2014-10-20 03:10 - 0000032 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2013-08-15 08:52 - 2013-08-19 05:35 - 0000040 _____ () C:\Users\user\AppData\Roaming\TheHunterSettings_live.cfg
2013-08-15 04:49 - 2013-08-15 09:32 - 0000043 _____ () C:\Users\user\AppData\Roaming\TheHunterSettings_local.cfg
2013-05-27 22:39 - 2013-12-11 12:40 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-24 12:55 - 2013-11-24 12:55 - 0000000 ___SH () C:\Users\user\AppData\Local\LumaEmu
2013-11-02 19:42 - 2014-07-16 02:16 - 0007597 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\user\AppData\Local\setup.txt
2013-06-12 12:46 - 2014-10-20 03:10 - 0000032 _____ () C:\ProgramData\autobk.inc
2012-07-25 16:01 - 2012-07-25 16:01 - 0002081 _____ () C:\ProgramData\ENG.2012-07.pl.nicolasgames_B05A5A11-F525-40DF-AE67-58228603B921.swidtag

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 00:32

==================== End of FRST.txt ============================

 

 

 

And the ESETlog.txt:

C:\Users\All Users\InstallMate\{043C8F20-8668-4D07-AFEC-CE4ADFDFADD6}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{0AF009E6-5FF5-41AC-A347-17D7D1132B10}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{0E2B042B-EB18-4F79-AD92-A33AD5C826DD}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{2FAFC5CC-2E72-4091-A27A-6650F44CE73A}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{3D07818F-100F-4B0E-A9E5-582DE6E4A379}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{499A5E7D-EA78-461E-A4F5-A25A92797C8B}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
C:\Users\All Users\InstallMate\{4B2EF47C-2B0A-4BD0-A93B-632890CDD68A}\Custom.dll    Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{578766D1-44D3-48FA-AA11-0CF18C644427}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{BE00F8DE-5F29-425C-A0B7-170B65E3DA28}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{FCF83D70-0898-4D30-AFDB-40BA271B1F86}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\Tmp0x0x\ProtectWindowsManager.exe    a variant of Win32/ELEX.GF potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseToSave\sprotector.dll.vir    Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseToSave\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\continuetosave\sprotector.dll.vir    Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\continuetosave\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExpressFiles\EFUpdater.exe.vir    a variant of Win32/YourFileDownloader.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExpressFiles\ExpressFiles.exe.vir    a variant of Win32/ExpressFiles.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir    MSIL/AdvancedSystemProtector.D potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavePass\SavePass-nova.dll.vir    a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveShare\sprotector.dll.vir    Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SimpleSpeedy\sprotector.dll.vir    a variant of Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SimpleSpeedy\uninstall.exe.vir    a variant of Win32/SProtector.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir    a variant of Win32/ELEX.BU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir    Win32/ELEX.BF potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir    a variant of Win32/ELEX.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Browise22ssave\51784a20e23d3.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Browsee22saaeviee\51785639ca784.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT2707060\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\conTinuEtosaavee\51a94f5d70fc6.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\18508.dat.vir    Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\32834.dat.vir    a variant of Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\EpicScale.exe.vir    Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\7z.dll.vir    a variant of Win32/EpicScale.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\Client7z.dat.vir    a variant of Win32/EpicScale.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\EpicScale.dat.vir    a variant of Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\EpicScale.exe.vir    a variant of Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\EpicScalePL.exe.vir    a variant of Win32/EpicScale.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\Nova.dat.vir    a variant of Win32/EpicScale.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\epicscale\0\Probe.dll.vir    a variant of Win32/EpicScale.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir    a variant of Win32/ELEX.AB potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\517856b71223b.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\51a94fa20984d.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WPM\update\update.exe.vir    a variant of Win32/ELEX.BD potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\WinZipper\update\zip_update_v1.5.83.exe.vir    a variant of Win32/ELEX.BI potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\avgD8A1.exe.xBAD    a variant of MSIL/Adware.Imali.C application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\avgE8D7.exe.xBAD    a variant of MSIL/Adware.Imali.C application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\bH4NVmgtmI.exe.xBAD    multiple threats    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{043C8F20-8668-4D07-AFEC-CE4ADFDFADD6}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{0AF009E6-5FF5-41AC-A347-17D7D1132B10}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{0E2B042B-EB18-4F79-AD92-A33AD5C826DD}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{2FAFC5CC-2E72-4091-A27A-6650F44CE73A}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{3D07818F-100F-4B0E-A9E5-582DE6E4A379}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{499A5E7D-EA78-461E-A4F5-A25A92797C8B}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{4B2EF47C-2B0A-4BD0-A93B-632890CDD68A}\Custom.dll    Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{578766D1-44D3-48FA-AA11-0CF18C644427}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{BE00F8DE-5F29-425C-A0B7-170B65E3DA28}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{FCF83D70-0898-4D30-AFDB-40BA271B1F86}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    cleaned by deleting - quarantined
C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe    a variant of Win32/ELEX.GF potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\AppData\Local\AAAAAAAA-1450313122-AAAA-AAAA-448A5B90289A\onsp4EED.tmp    a variant of Win32/Adware.ConvertAd.PZ application    cleaned by deleting - quarantined
C:\Users\user\AppData\Local\AAAAAAAA-1450313122-AAAA-AAAA-448A5B90289A\rnsp4EEC.exe    a variant of Win32/Adware.ConvertAd.PU application    cleaned by deleting - quarantined
C:\Users\user\AppData\Local\AAAAAAAA-1450313122-AAAA-AAAA-448A5B90289A\snsz4EDB.tmp    a variant of Win32/Adware.ConvertAd.ACK application    cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Camera Download\Bin\CameraDownload.dll    a variant of Win32/Toolbar.CrossRider.CY potentially unwanted application    cleaned by deleting (after the next restart) - quarantined
C:\Users\user\AppData\Local\Camera Download\Bin\qoawvvu.dll    a variant of MSIL/Toolbar.CrossRider.A potentially unwanted application    cleaned by deleting (after the next restart) - quarantined
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\BitTorrent\updates\7.9.2_31638.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk    Win32/Adware.ADON potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk    Win32/Adware.ADON potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wjz6cjoy.default-1403789796499\extensions\yahooprotected@gmail.com\chrome\content\jquery-2.1.0.min.js    Win32/Toolbar.TNT2.I potentially unwanted application    cleaned by deleting - quarantined
C:\Users\user\Downloads\Night_of_the_Living_Dead_1990_720p_BRRip_XviD_INFERNO_downloader.exe    a variant of Win32/ExpressDownloader.P.gen potentially unwanted application    cleaned by deleting - quarantined
C:\Windows\SysWOW64\hreenfuaaa.exe    Win32/Adware.RON.FSV application    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-3234128947-111302303-3011224593-1000\$RIP2S6P.v2-3DM\files\steamclient64.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-3234128947-111302303-3011224593-1000\$RVOTTQU.v2-3DM\files\3dmgame.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-3234128947-111302303-3011224593-1000\$RVOTTQU.v2-3DM\files\steamclient64.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\fixes,trainers,updates\bound by flame\trainers\BOUND.BY.FLAME.PLUS11TRN.XIAOXING\Bound.By.Flame.All.Versions.tr11-XiaoXing.exe    a variant of Win32/FlyStudio.HackTool.A potentially unwanted application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\fixes,trainers,updates\bound by flame\trainers\BOUND.BY.FLAME.PLUS5TRN.DENKA003\Bound By Flame + 5 v1.0.0.0.exe    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\fixes,trainers,updates\dead rising 3\update\update 1 & crack\Crack-3DM\steam_api64.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\fixes,trainers,updates\far cry 4\update\1.3\SKIDROW\uplay_r1_loader64.dll    a variant of Win32/Packed.VMProtect.ABR trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\fixes,trainers,updates\state of decay\trainers\STATE.OF.DECAY.V1.1.ALL.WALMART.NODVD\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\source\nfs rivals\crack\NEED.FOR.SPEED.R.V1.0.ALL.3DM.NODVD\NFS14_x86.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\source\nfs rivals\crack\NEED.FOR.SPEED.R.V1.1.ALL.3DM.NODVD\nfs14.3dm.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\source\nfs rivals\crack\NEED.FOR.SPEED.R.V1.1.ALL.3DM.NODVD\NFS14.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\source\nfs rivals\crack\NEED.FOR.SPEED.R.V1.1.ALL.3DM.NODVD\NFS14_x86.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\game\pc\source\nfs rivals\crack\Need.for.Speed.Rivals.X86.and.X64.Crack.Only\Need.for.Speed.Rivals.X86.and.X64.Crack.Only\Crack\NFS14_x86.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\BitTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\EFinstaller.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\ExtremeFlashPlayer_Dsnr_Installer.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
D:\backup hardisk hitam wd\prog\source\any\flvplayer4free_setup.exe    Win32/Somoto potentially unwanted application    deleted - quarantined
D:\backup hardisk hitam wd\prog\source\any\HSS-2.78-install-download-80-conduit.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
D:\backup hardisk hitam wd\prog\source\any\setup.exe    Win32/InstalleRex.J potentially unwanted application    deleted - quarantined
D:\backup hardisk hitam wd\prog\source\any\Slate_Digital_FG-X_Mastering_Processor_VST_RTAS_v1.1.2_downloader_id_99260.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\CCleaner Professional v4.02.4115 Incl Crack\ccsetup402.exe    NSIS/TrojanDownloader.Adload.N trojan    deleted - quarantined
D:\backup hardisk hitam wd\prog\source\any\internet\alat perang internet\MDMA Edited\MDMA Edited.exe    Win32/Packed.Autoit.H suspicious application    cleaned by deleting - quarantined
D:\backup hardisk hitam wd\prog\source\any\utorrent turbo booster\uTorrentTurboBooster_installer.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
H:\document\dokumen dan bacaan\pdf\fallout nv cheat\Fallout  New Vegas Cheats, Codes, Cheat Codes, Unique Weapons, Walkthrough, Guide, FAQ, Unlockables for PC_files\det.js    JS/Trackware.Agent.A potentially unwanted application    cleaned by deleting - quarantined
H:\document\internet\molin\Cara Menghilangkan Jamur (Bintik Hitam) Pada Pakaian - Berbagi Cara, Berbagi Rasa_files\a.htm    HTML/Refresh.BC trojan    cleaned by deleting - quarantined
H:\document\walkthrough\ether one\GameFAQs  ETHER One (PC) Walkthrough by Wings_of_Pink_files\det.js    JS/Trackware.Agent.A potentially unwanted application    cleaned by deleting - quarantined
H:\game\emulator\utilities\emu source\ps 3\PSeMu3_Setup.exe    multiple threats    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\Child of Light\CHILD.OF.LIGHT.PLUS19TRN.LINGON\ChildOfLight+19Tr-LNG_v1-0.30640.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\Enemy Front\Bin32\ENEMY.FRONT.PLUS8TRN.LINGON\EnemyFront+8Tr-LNG_v1.0.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\Enemy Front\Bin32\ENEMY.FRONT.PLUS9TRN.XIAOXING\Enemy.Front.All.Versions.tr9-XiaoXing.exe    a variant of Win32/FlyStudio.HackTool.A potentially unwanted application    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\metal gear solid V\3dmgame.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\metal gear solid V\steamclient64.dll    a variant of Win32/Packed.VMProtect.AAA trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\need for speed rival\nfs14.3dm.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\need for speed rival\NFS14.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\need for speed rival\NFS14_x86.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\need for speed rival\trainer v1\NFS_Rivals+6Tr_LNG_x86.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\game\pc\game\yabuy game\The Forest\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting - quarantined
H:\molin work captcha\software\multiid\free software\xiaoa\Megatypers_Affiliate_Software_v15.09.03.2\Megatypers_Affiliate_Software_v15.09.03.2\Register.exe    a variant of Generik.CWXVYLB trojan    cleaned by deleting - quarantined
H:\mp3\Al-Qur'anul Karim\Al-Qur'anul Karim.bat    BAT/BadJoke.AP trojan    cleaned by deleting - quarantined
H:\mp3\Al-Qur'anul Karim\Abu Hawariyah\Abu Hawariyah.bat    BAT/BadJoke.AP trojan    cleaned by deleting - quarantined
Operating memory    a variant of Win32/Toolbar.CrossRider.CY potentially unwanted application    deleted (after the next restart) - quarantined
 



#13 fireman4it


Posted 20 December 2015 - 05:21 PM

Please follow the complete instructions on this page for removing Istartpageing.com. Once you have done this please post a new FRST log for my review.


" Extinguishing Malware from the world"



#14 molinamolin


Posted 21 December 2015 - 10:06 AM

Hi Fireman4it.

I have read the instructions, though not all of them yet. But for your information, I don't have an "istartpageing.com" program in my Control Panel. Is it hidden?



#15 molinamolin


Posted 21 December 2015 - 10:17 AM

Also, before I read your instructions, when I restart my computer, there is a command box: "There was a problem starting C:\Users\user\AppData\Local\CameraDownload\Bin\CameraDownload.dll. The specific module could not be found"

What does that mean, anyway?

Thanks in advance





