programs for Malware removal unable to open, computer is very slow


  • This topic is locked
16 replies to this topic

#1 OishiBandyopadhyay

  • Members
  • 10 posts
  • OFFLINE

Posted 10 January 2016 - 08:39 AM

I tried to run the Malwarebytes Anti-Malware program after going through the forum. The program is unable to open. The same happens with Microsoft Security Essentials: it closes every time I start the scan. Apart from this, my laptop is very slow, and too many pop-ups and redirections take place in my Chrome.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Oishi (administrator) on OISHI-PC (10-01-2016 18:55:55)
Running from C:\Users\Oishi\Downloads
Loaded Profiles: Oishi (Available Profiles: Oishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AutoIt Team) C:\GoogleChrome\GoogleChrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Jetico, Inc.) C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe
() C:\Users\Oishi\AppData\Roaming\DllServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sky123.Org) C:\Program Files (x86)\Tencent\win.exe
(VMware, Inc.) D:\VMware\vmware-tray.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Softcomp Software\privoxy.exe
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
(VMware, Inc.) D:\VMware\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
() D:\VMware\vmware-hostd.exe
Failed to access process -> WUDFHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_in_005010028] => [X]
HKLM-x32\...\Run: [gmsd_in_005010032] => [X]
HKLM-x32\...\Run: [gmsd_in_005010035] => [X]
HKLM-x32\...\Run: [win] => C:\Program Files (x86)\Tencent\win.exe [184320 2015-11-15] (Sky123.Org)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMware\vmware-tray.exe [114368 2015-02-06] (VMware, Inc.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [TornTv Downloader] => C:\Users\Oishi\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [BitTorrent] => C:\Users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [792 2015-04-10] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk [744 2015-03-28] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [853744 2015-03-25] (AutoIt Team)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Client Server Runtime Process] => C:\Users\Oishi\AppData\Roaming\csrss.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Oishi\AppData\Roaming\csrss.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Service Host Process for Windows] => C:\Users\Oishi\AppData\Roaming\svchost.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [HCDNClient] => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [GoogleChromeAutoLaunch_65558500AD2D8B45825879B925C738C1] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [GoogleChromeAutoLaunch_CE13C8D82A839C0220B70C2DF2280570] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [{F836D22C-C97C-4A94-B3AF-3074AEF17C55}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\FAEHZVABB').SBVWNVQYS)));
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [syshost32] => C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe [288768 2015-10-12] (Jetico, Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [5e442893fd8d3815ac0f31193a1fdabd] => C:\Users\Oishi\AppData\Roaming\DllServer.exe [24064 2015-12-20] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvddl.exe <===== ATTENTION
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: {2ac01269-44e8-11e5-8080-08edb91c550c} - M:\LaunchU3.exe -a
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: {2ac0131e-44e8-11e5-8080-08edb91c550c} - H:\Setup.exe
Startup: C:\Users\Oishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Learning OMNeT++ [PDF]~StormRG~.lnk [2015-03-13]
ShortcutTarget: Learning OMNeT++ [PDF]~StormRG~.lnk -> C:\ProgramData\{b909ab22-0160-bab3-b909-9ab22016ac88}\Learning OMNeT++ [PDF]~StormRG~.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49763;https=127.0.0.1:49763;
ProxyEnable: [S-1-5-21-4091964856-1131281766-1042438202-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-4091964856-1131281766-1042438202-1000] => 127.0.0.1:8118
AutoConfigURL: [S-1-5-21-4091964856-1131281766-1042438202-1000] => hxxp://stopblock.me/wpad.dat?0183599c81ba65864f09ce3e071a53e3273698
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D0FEE91-58D5-4923-8E64-885E543528D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449921653
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchdominion.info/?l=1&q={searchTerms}&pid=22194&r=2015/03/13&hid=10921619979478274896&lg=EN&cc=IN
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-31] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll => No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> D:\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-4091964856-1131281766-1042438202-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449662439"
CHR Profile: C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-26]
CHR Extension: (Google Docs) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-09]
CHR Extension: (Skype) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-26]
CHR Extension: (Gmail) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-26]
CHR Extension: (Download Cooking) - C:\Users\Oishi\AppData\Local\Download Cooking\Component [2016-01-08]
CHR Profile: C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (aalnjolghjkkogicompabhhbbkljnlka) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aalnjolghjkkogicompabhhbbkljnlka [2015-07-27]
CHR Extension: (Google Slides) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Google Docs) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Google Search) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Google Sheets) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-29]
CHR Extension: (Skype) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR Extension: (Gmail) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR Extension: (Download Cooking) - C:\Users\Oishi\AppData\Local\Download Cooking\Component [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 PrivoxyService; C:\Program Files (x86)\Softcomp Software\privoxy.exe [371200 2016-01-05] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp [165376 2015-07-12] () [File not signed]
R2 VMAuthdService; D:\VMware\vmware-authd.exe [87744 2015-02-06] (VMware, Inc.)
R2 VMwareHostd; D:\VMware\vmware-hostd.exe [12730048 2015-02-06] ()
R2 VSSS; C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [100186304 2015-06-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros) [File not signed]
R2 zejytose; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp [199168 2015-07-12] () [File not signed]
S2 3c2d81f8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\CutterInstance\CutterInstance.dll",serv
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QQPCRtp.exe" -r [X]
S2 siwomyqe; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsiBD77.tmp [X]
S2 Sweet Crazy; "C:\Program Files (x86)\Sweet Crazy\Sweet Crazy.exe" [X]
S2 Util Coupon Time; "C:\Program Files (x86)\Coupon Time\bin\utilCouponTime.exe" [X]
S2 wewygyko; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsn1252.tmp [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [26232 2014-08-22] (Ekahau Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-11-24] (电脑管家)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QMUdisk64.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\TsDefenseBT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 18:55 - 2016-01-10 18:57 - 00028257 _____ C:\Users\Oishi\Downloads\FRST.txt
2016-01-10 18:54 - 2016-01-10 18:55 - 00000000 ____D C:\FRST
2016-01-10 18:52 - 2016-01-10 18:53 - 02370560 _____ (Farbar) C:\Users\Oishi\Downloads\FRST64.exe
2016-01-10 18:43 - 2016-01-10 18:43 - 00000000 ___RD C:\Users\Oishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-09 23:48 - 2016-01-09 23:48 - 01415680 _____ (wj32) C:\Program Files\SXZ138A0.exe
2016-01-09 22:22 - 2016-01-09 22:22 - 01415680 _____ (wj32) C:\Program Files\F3NBVFZ3.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 01415680 _____ (wj32) C:\Program Files\Z7S19I3B.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 01415680 _____ (wj32) C:\Program Files\X9LX9P9P.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\NOUKKL7G.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\8GPXIRZ8.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\5DM7F09H.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\Z7G19I9R.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\V3CX5EMM.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\KY7F09HZ.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\AIRZKT1J.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 01415680 _____ (wj32) C:\Program Files\SUWLNSRW.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 01415680 _____ (wj32) C:\Program Files\G19I3BK5.exe
2016-01-09 00:34 - 2016-01-09 00:34 - 00007647 _____ C:\Users\Oishi\Downloads\Modern.Family.S07E01.720p.HDTV.x264-BATV%5BEtHD%5D.torrent
2016-01-08 17:44 - 2016-01-08 17:44 - 03990929 _____ C:\Users\Oishi\Downloads\Gravitys-rainbow-Thomas-Pynchon.pdf
2016-01-08 17:43 - 2016-01-08 17:43 - 01415680 _____ (wj32) C:\Program Files\MK7LM0K9.exe
2016-01-08 17:43 - 2016-01-08 17:43 - 01415680 _____ (wj32) C:\Program Files\HIZDUY9K.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 01415680 _____ (wj32) C:\Program Files\TGRV0NDA.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 01415680 _____ (wj32) C:\Program Files\P9W0WJFA.exe
2016-01-08 17:41 - 2014-05-14 21:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-08 17:41 - 2014-05-14 21:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-08 17:41 - 2014-05-14 21:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-08 17:41 - 2014-05-14 21:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-08 17:41 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-08 17:41 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-08 17:41 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-08 17:41 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 01415680 _____ (wj32) C:\Program Files\VZM6A3N9.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 01415680 _____ (wj32) C:\Program Files\GINPEGL8.exe
2016-01-08 17:39 - 2016-01-08 17:39 - 01415680 _____ (wj32) C:\Program Files\SE7TF2UL.exe
2016-01-08 17:39 - 2016-01-08 17:39 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-08 17:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-08 17:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-08 17:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-08 17:38 - 2016-01-08 17:39 - 22908888 _____ (Malwarebytes ) C:\Users\Oishi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 17:32 - 2016-01-08 17:32 - 01415680 _____ (wj32) C:\Program Files\1357CE3T.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 01415680 _____ (wj32) C:\Program Files\92OAWPBX.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-08 17:29 - 2016-01-08 17:29 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-08 17:29 - 2016-01-08 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-01-08 17:28 - 2016-01-08 17:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-01-08 17:28 - 2016-01-08 17:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Oishi\Downloads\mseinstall.exe
2016-01-08 15:56 - 2016-01-08 15:56 - 00026701 _____ C:\Users\Oishi\Downloads\ethershield_v1.1_for_arduino_v1.0.zip
2016-01-08 15:38 - 2016-01-10 18:43 - 00000000 ____D C:\Users\Oishi\Documents\Bluetooth Folder
2016-01-08 15:16 - 2016-01-08 15:16 - 00084585 _____ C:\Users\Oishi\Downloads\Ethercard-Library.zip
2016-01-08 15:03 - 2016-01-08 15:05 - 00076288 ___SH C:\Users\Oishi\Documents\Thumbs.db
2016-01-08 13:10 - 2016-01-08 13:10 - 00000000 ____D C:\Users\Public\Documents\OneWire
2016-01-08 13:02 - 2016-01-08 13:02 - 00000000 ____D C:\Users\Public\Documents\ethercard
2016-01-08 12:26 - 2016-01-08 12:26 - 00104769 _____ C:\Users\Oishi\Downloads\arduino_uip-master.zip
2016-01-08 12:24 - 2016-01-08 12:24 - 00073758 _____ C:\Users\Oishi\Downloads\EtherShield-Library.zip
2016-01-07 12:14 - 2016-01-07 12:14 - 00036232 _____ C:\Users\Oishi\Downloads\-2.4-Ghz-RF-Transceibrver-CC2500-RM1178-BY-ROBOMART-January-7-2016-6-44-am.pdf
2016-01-07 11:54 - 2016-01-07 12:10 - 00000000 ____D C:\Users\Oishi\Desktop\WearableDevice
2016-01-06 16:54 - 2016-01-06 16:54 - 00000000 ____D C:\Users\Oishi\Downloads\crop
2016-01-06 11:25 - 2016-01-06 11:25 - 00000000 ____H C:\Users\Oishi\AppData\Local\BITF354.tmp
2016-01-06 11:24 - 2016-01-06 11:25 - 00000000 _____ C:\Users\Oishi\AppData\Local\{F18A4C0A-BBB0-44BD-83D7-F76F644DB84E}
2016-01-06 11:23 - 2016-01-06 11:23 - 01415680 _____ (wj32) C:\Program Files\6EN8GPAI.exe
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 ____D C:\ProgramData\Alwil Software
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 ____D C:\Program Files\Alwil Software
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2016-01-05 21:13 - 2010-06-29 02:27 - 00165032 _____ (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2016-01-04 15:24 - 2016-01-04 15:25 - 00021218 _____ C:\Users\Oishi\Downloads\RemoteCodes.txt
2016-01-04 13:09 - 2016-01-04 13:09 - 00016726 _____ C:\Users\Oishi\Downloads\[kat.cr]avast.internet.security.premier.antivirus.2016.build.11.1.2245.keys.4realtorrentz.torrent
2016-01-04 13:06 - 2016-01-04 13:06 - 00014053 _____ C:\Users\Oishi\Downloads\B4C2476FA385501B53A3A6D2293E514874888486.torrent
2016-01-04 13:01 - 2016-01-04 13:01 - 00025791 _____ C:\Users\Oishi\Downloads\Avast+Pro+Antivirus+2014+v9.0.2016+Final+%2B+License.torrent
2016-01-04 11:07 - 2016-01-04 11:07 - 08662358 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt(Autosaved).pdf
2016-01-03 20:34 - 2016-01-03 20:34 - 00042846 _____ C:\Users\Oishi\Downloads\sherlock-special-the-abominable-bride_english-1251628.zip
2016-01-03 18:36 - 2016-01-03 18:36 - 00017854 _____ C:\Users\Oishi\Downloads\2CA9B50944FDA29A6313944C81C866662BA16A3F.torrent
2015-12-31 21:45 - 2015-12-31 21:45 - 00044275 _____ C:\Users\Oishi\Downloads\8-mile-english-yify-36580.zip
2015-12-31 16:53 - 2015-12-31 16:53 - 00008870 _____ C:\Users\Oishi\Downloads\[otorrents.com]Woman-In-Gold-2015-720p.torrent
2015-12-30 16:16 - 2016-01-08 12:56 - 00000000 ____D C:\Users\Oishi\AppData\Local\ElevatedDiagnostics
2015-12-29 17:09 - 2015-12-29 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doxygen
2015-12-29 17:08 - 2015-12-29 17:08 - 00000000 ____D C:\Program Files\doxygen
2015-12-29 17:04 - 2015-12-29 17:08 - 25051066 _____ (Dimitri van Heesch ) C:\Users\Oishi\Downloads\doxygen-1.8.10-setup.exe
2015-12-29 12:31 - 2015-12-29 12:31 - 00000000 ____D C:\Users\Oishi\AppData\Local\BenchMarkTool
2015-12-29 12:30 - 2015-12-29 13:19 - 00000000 ____D C:\Users\Oishi\AppData\Local\MirrorOp_Lite
2015-12-29 12:30 - 2015-12-29 12:30 - 00001969 _____ C:\Users\Public\Desktop\MirrorOp Lite.lnk
2015-12-29 12:30 - 2015-12-29 12:30 - 00000744 _____ C:\Windows\SysWOW64\VACUninstall.lnk
2015-12-29 12:30 - 2015-12-29 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MirrorOp Lite
2015-12-29 12:30 - 2015-12-29 12:30 - 00000000 ____D C:\Program Files (x86)\MirrorOp Lite
2015-12-29 12:29 - 2015-12-29 12:30 - 02958961 _____ ( ) C:\Users\Oishi\Downloads\MirroOpLite_Setup_v1012.exe
2015-12-23 17:30 - 2015-12-23 17:34 - 08657369 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt.pdf
2015-12-23 17:13 - 2015-12-23 17:13 - 05256812 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt.epub
2015-12-23 12:34 - 2015-12-23 12:34 - 00000000 ____H C:\Users\Oishi\Documents\Default.rdp
2015-12-22 16:33 - 2015-12-22 16:33 - 00086528 _____ C:\Users\Oishi\Downloads\Intro-TinyOS.ppt
2015-12-22 16:29 - 2015-12-22 16:29 - 01530368 _____ C:\Users\Oishi\Downloads\Mao-Xufei-How_to_Code_on_TinyOS.ppt
2015-12-21 11:20 - 2015-12-21 11:20 - 01544274 _____ C:\Users\Oishi\Downloads\Beyond Software Architecture.pdf
2015-12-20 20:08 - 2015-12-21 11:06 - 00725684 _____ C:\Users\Oishi\Downloads\JN-DS-JN5168MO-1v2.pdf
2015-12-20 18:28 - 2015-12-20 18:28 - 00024064 _____ C:\Users\Oishi\AppData\Roaming\DllServer.exe
2015-12-20 13:57 - 2015-12-20 13:57 - 00003284 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e11.hdtv.x264.lol.ettv.torrent
2015-12-20 13:57 - 2015-12-20 13:57 - 00003199 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e09.hdtv.x264.lol.ettv.torrent
2015-12-20 13:57 - 2015-12-20 13:57 - 00003088 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e10.hdtv.x264.lol.ettv.torrent
2015-12-20 12:52 - 2015-12-20 12:52 - 00003524 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e08.hdtv.x264.lol.ettv.torrent
2015-12-20 11:15 - 2015-12-20 11:15 - 00003234 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e07.hdtv.x264.lol.ettv.torrent
2015-12-19 21:28 - 2015-12-19 21:28 - 00003762 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e06.hdtv.x264.lol.ettv.torrent
2015-12-19 20:05 - 2015-12-19 20:05 - 00003075 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e05.hdtv.x264.lol.ettv.torrent
2015-12-18 20:31 - 2015-12-18 20:31 - 00003155 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e04.hdtv.x264.lol.ettv.torrent
2015-12-18 20:29 - 2015-12-18 20:29 - 00004296 _____ C:\Users\Oishi\Downloads\Gotham.S02E03.HDTV.x264-LOL.torrent
2015-12-18 13:25 - 2015-12-18 13:26 - 02184854 _____ C:\Users\Oishi\Downloads\The_Contiki_Netstack.pdf
2015-12-17 15:32 - 2015-12-17 15:33 - 00498176 _____ C:\Users\Oishi\Downloads\day8a.ppt
2015-12-16 17:04 - 2015-12-16 17:04 - 00536576 _____ C:\Users\Oishi\Downloads\lecture6.ppt
2015-12-16 11:43 - 2015-12-16 11:43 - 00446141 _____ C:\Users\Oishi\Downloads\09034-ISN-WP-1-ContikiandTinyOS(D16).pdf
2015-12-16 11:09 - 2015-12-16 11:13 - 04051456 _____ C:\Users\Oishi\Downloads\2-3_ZigBee.ppt
2015-12-15 21:34 - 2015-12-15 21:34 - 00023719 _____ C:\Users\Oishi\Downloads\[otorrents.com]True-Detective-Season-2-2015-720p.torrent
2015-12-15 14:40 - 2016-01-10 17:12 - 00003272 _____ C:\Windows\System32\Tasks\Softcomp Software Job
2015-12-15 14:40 - 2015-12-15 14:40 - 00000000 ____D C:\Program Files (x86)\Softcomp Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 18:56 - 2014-12-15 09:26 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\BitTorrent
2016-01-10 18:55 - 2009-07-14 08:50 - 00000000 ____D C:\Windows
2016-01-10 18:47 - 2015-07-14 20:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 18:45 - 2014-12-12 22:34 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\Skype
2016-01-10 17:15 - 2014-12-12 23:45 - 00000486 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2016-01-10 17:12 - 2015-11-24 11:02 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-01-10 17:11 - 2015-07-15 20:48 - 00000354 _____ C:\Windows\Tasks\ProMeditate.job
2016-01-10 00:47 - 2015-07-14 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 22:28 - 2009-07-14 10:15 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 22:28 - 2009-07-14 10:15 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 22:26 - 2009-07-14 10:43 - 00718036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 22:26 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-01-09 22:21 - 2014-12-15 13:15 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\vlc
2016-01-09 22:20 - 2015-11-24 00:10 - 00000000 ____D C:\ProgramData\VMware
2016-01-09 22:18 - 2015-12-03 18:35 - 00000000 ____D C:\Users\Oishi\AppData\LocalLow\BitTorrent
2016-01-09 22:18 - 2015-07-24 10:19 - 00001024 _____ C:\ProgramData\ProgramData.lnk
2016-01-09 22:18 - 2015-07-24 10:19 - 00001024 _____ C:\ProgramData\My Music.lnk
2016-01-09 22:17 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-08 16:44 - 2014-12-12 23:51 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\Nitro PDF
2016-01-08 16:33 - 2015-12-09 13:01 - 00000000 ____D C:\Users\Oishi\AppData\Local\Arduino15
2016-01-08 16:11 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-01-08 15:32 - 2009-07-14 08:50 - 00000000 ____D C:\Users\Public\Libraries
2016-01-08 11:03 - 2015-07-15 20:54 - 00000000 ____D C:\Users\Oishi\AppData\Local\CrashDumps
2016-01-04 11:13 - 2015-11-28 01:05 - 00000000 ____D C:\Users\Oishi\AppData\Local\VMware
2016-01-04 11:13 - 2015-11-28 00:56 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\VMware
2015-12-29 15:26 - 2009-07-14 10:38 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-17 11:08 - 2015-02-04 17:51 - 423109993 _____ C:\Windows\MEMORY.DMP
2015-12-17 11:08 - 2015-02-04 17:51 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2016-01-08 17:32 - 2016-01-08 17:32 - 1415680 _____ (wj32) C:\Program Files\1357CE3T.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\5DM7F09H.exe
2016-01-06 11:23 - 2016-01-06 11:23 - 1415680 _____ (wj32) C:\Program Files\6EN8GPAI.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\8GPXIRZ8.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 1415680 _____ (wj32) C:\Program Files\92OAWPBX.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\AIRZKT1J.exe
2015-04-16 21:57 - 2011-12-22 19:26 - 0057675 _____ () C:\Program Files\Default.htm
2015-04-16 21:57 - 2011-12-22 19:26 - 0101849 _____ () C:\Program Files\Demos.htm
2016-01-09 22:22 - 2016-01-09 22:22 - 1415680 _____ (wj32) C:\Program Files\F3NBVFZ3.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 1415680 _____ (wj32) C:\Program Files\G19I3BK5.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 1415680 _____ (wj32) C:\Program Files\GINPEGL8.exe
2016-01-08 17:43 - 2016-01-08 17:43 - 1415680 _____ (wj32) C:\Program Files\HIZDUY9K.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\KY7F09HZ.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0172289 _____ () C:\Program Files\Labs.htm
2016-01-08 17:43 - 2016-01-08 17:43 - 1415680 _____ (wj32) C:\Program Files\MK7LM0K9.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\NOUKKL7G.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 1415680 _____ (wj32) C:\Program Files\P9W0WJFA.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0005557 _____ () C:\Program Files\Prerequisites.htm
2015-04-16 22:06 - 2011-12-22 19:26 - 0130608 _____ () C:\Program Files\Presentations.htm
2016-01-08 17:39 - 2016-01-08 17:39 - 1415680 _____ (wj32) C:\Program Files\SE7TF2UL.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 1415680 _____ (wj32) C:\Program Files\SUWLNSRW.exe
2016-01-09 23:48 - 2016-01-09 23:48 - 1415680 _____ (wj32) C:\Program Files\SXZ138A0.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0091725 _____ () C:\Program Files\TableOfContents.htm
2016-01-08 17:42 - 2016-01-08 17:42 - 1415680 _____ (wj32) C:\Program Files\TGRV0NDA.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\V3CX5EMM.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0106261 _____ () C:\Program Files\Videos.htm
2016-01-08 17:40 - 2016-01-08 17:40 - 1415680 _____ (wj32) C:\Program Files\VZM6A3N9.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 1415680 _____ (wj32) C:\Program Files\X9LX9P9P.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\Z7G19I9R.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 1415680 _____ (wj32) C:\Program Files\Z7S19I3B.exe
2015-09-02 17:11 - 2015-09-02 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\1855.tmp
2015-08-29 17:54 - 2015-08-29 17:54 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\38F1.tmp
2015-09-06 17:56 - 2015-09-06 17:56 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\413A.tmp
2015-08-30 17:11 - 2015-08-30 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\512C.tmp
2015-08-28 17:11 - 2015-08-28 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\65AF.tmp
2015-09-04 19:27 - 2015-09-04 19:27 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\71E.tmp
2015-09-03 17:11 - 2015-09-03 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\77AE.tmp
2015-09-05 22:42 - 2015-09-05 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\8DE9.tmp
2015-08-30 22:42 - 2015-08-30 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9218.tmp
2015-09-07 22:42 - 2015-09-07 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\92F2.tmp
2015-09-04 22:47 - 2015-09-04 22:47 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\952E.tmp
2015-09-02 22:46 - 2015-09-02 22:46 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\95E3.tmp
2015-09-02 22:56 - 2015-09-02 22:56 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9788.tmp
2015-08-31 22:42 - 2015-08-31 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9E.tmp
2015-05-21 16:53 - 2015-07-14 20:32 - 0000024 _____ () C:\Users\Oishi\AppData\Roaming\appdataFr25.bin
2015-02-01 20:57 - 2015-04-01 12:37 - 0000020 _____ () C:\Users\Oishi\AppData\Roaming\appdataFr3.bin
2015-08-28 22:42 - 2015-08-28 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\B693.tmp
2015-09-03 22:42 - 2015-09-03 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\CD04.tmp
2015-12-20 18:28 - 2015-12-20 18:28 - 0024064 _____ () C:\Users\Oishi\AppData\Roaming\DllServer.exe
2015-08-26 22:42 - 2015-08-26 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\E5F5.tmp
2015-09-04 19:17 - 2015-09-04 19:17 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\F8DC.tmp
2015-09-01 18:12 - 2015-09-01 18:12 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\FE91.tmp
2015-05-29 11:39 - 2015-05-29 11:38 - 0073728 ____N () C:\Users\Oishi\AppData\Roaming\rundll32.exe
2016-01-06 11:25 - 2016-01-06 11:25 - 0000000 ____H () C:\Users\Oishi\AppData\Local\BITF354.tmp
2015-07-16 20:41 - 2015-07-16 20:41 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsc1AF3.tmp
2015-07-20 18:11 - 2015-07-20 18:11 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsm2478.tmp
2015-11-24 10:35 - 2015-11-24 10:35 - 0333506 _____ (AnySend.com) C:\Users\Oishi\AppData\Local\nssDEBC.tmp
2015-07-14 08:08 - 2015-07-14 08:08 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsuC302.tmp
2015-07-20 18:06 - 2015-07-20 18:06 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsvB732.tmp
2015-03-15 13:50 - 2015-05-09 09:50 - 0000800 _____ () C:\Users\Oishi\AppData\Local\Temp-log.txt
2015-05-22 07:23 - 2015-05-22 07:23 - 0000000 _____ () C:\Users\Oishi\AppData\Local\Temp.dat
2016-01-06 11:24 - 2016-01-06 11:25 - 0000000 _____ () C:\Users\Oishi\AppData\Local\{F18A4C0A-BBB0-44BD-83D7-F76F644DB84E}
2010-11-21 08:54 - 2010-11-21 08:54 - 91762688 ___SH (Bronto Software) C:\ProgramData\msnjusfhx.exe
2010-11-21 08:54 - 2010-11-21 08:54 - 72313216 ___SH () C:\ProgramData\msvddl.exe
2015-07-24 10:19 - 2016-01-09 22:18 - 0001024 _____ () C:\ProgramData\My Music.lnk
2015-07-24 10:19 - 2016-01-09 22:18 - 0001024 _____ () C:\ProgramData\ProgramData.lnk
 
Files to move or delete:
====================
C:\ProgramData\msnjusfhx.exe
C:\ProgramData\msvddl.exe
 
 
Some files in TEMP:
====================
C:\Users\Oishi\AppData\Local\Temp\2785.exe
C:\Users\Oishi\AppData\Local\Temp\318.exe
C:\Users\Oishi\AppData\Local\Temp\9485.exe
C:\Users\Oishi\AppData\Local\Temp\avg7684.exe
C:\Users\Oishi\AppData\Local\Temp\bedhdicjca.exe
C:\Users\Oishi\AppData\Local\Temp\bedhdjdhca.exe
C:\Users\Oishi\AppData\Local\Temp\bjg21B.exe
C:\Users\Oishi\AppData\Local\Temp\cdo109402372.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1243033039.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1461118420.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1496286639.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1510122650.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1929176771.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2294592185.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2541422562.dll
C:\Users\Oishi\AppData\Local\Temp\cdo266767624.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2754623748.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2853370808.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2956289631.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3136869178.dll
C:\Users\Oishi\AppData\Local\Temp\cdo328622288.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3304684881.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3669696246.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3772786717.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3926933226.dll
C:\Users\Oishi\AppData\Local\Temp\cdo414031479.dll
C:\Users\Oishi\AppData\Local\Temp\cdo497798347.dll
C:\Users\Oishi\AppData\Local\Temp\cdo647646295.dll
C:\Users\Oishi\AppData\Local\Temp\cdo810978537.dll
C:\Users\Oishi\AppData\Local\Temp\D335.exe
C:\Users\Oishi\AppData\Local\Temp\DE76.exe
C:\Users\Oishi\AppData\Local\Temp\fsd4D16.exe
C:\Users\Oishi\AppData\Local\Temp\fsdC13C.exe
C:\Users\Oishi\AppData\Local\Temp\fsdE0CD.exe
C:\Users\Oishi\AppData\Local\Temp\fsdE945.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55AF816D0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55B0D2ED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55BA2CF30.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55BE130B0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55CB37970.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55CDF06D0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55D0A7D90.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55DDA7CC0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E048ED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E2EBED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E59D410.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd56499E930.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd564C68630.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd564F0B630.exe
C:\Users\Oishi\AppData\Local\Temp\gp_up_324832.exe
C:\Users\Oishi\AppData\Local\Temp\Hibiki.dll
C:\Users\Oishi\AppData\Local\Temp\hp_u2_1309.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u2_1350.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1270.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1285.exe
C:\Users\Oishi\AppData\Local\Temp\hp_up_2329329.exe
C:\Users\Oishi\AppData\Local\Temp\hp_up_53523222.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_0508.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_232322.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23232323.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23248383.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23828328.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_2_323232.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_439343.exe
C:\Users\Oishi\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Oishi\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Oishi\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Oishi\AppData\Local\Temp\nrDlTBFGX4.exe
C:\Users\Oishi\AppData\Local\Temp\prappahykc.exe
C:\Users\Oishi\AppData\Local\Temp\qqpcmgr_v10.10.16444.223_8885765_Silence.exe
C:\Users\Oishi\AppData\Local\Temp\Ra8Qgxz6p7.exe
C:\Users\Oishi\AppData\Local\Temp\Ruby.exe
C:\Users\Oishi\AppData\Local\Temp\setacl.exe
C:\Users\Oishi\AppData\Local\Temp\Setup-2-.exe
C:\Users\Oishi\AppData\Local\Temp\setup3.exe
C:\Users\Oishi\AppData\Local\Temp\sfextra.dll
C:\Users\Oishi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oishi\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\Oishi\AppData\Local\Temp\soiygu3.exe
C:\Users\Oishi\AppData\Local\Temp\tmpEAA5.tmp.exe
C:\Users\Oishi\AppData\Local\Temp\ttv.exe
C:\Users\Oishi\AppData\Local\Temp\tu17p84.exe
C:\Users\Oishi\AppData\Local\Temp\Uninstall.exe
C:\Users\Oishi\AppData\Local\Temp\UpdateYTD_amodcG20141226.exe
C:\Users\Oishi\AppData\Local\Temp\VLX_Player.exe
C:\Users\Oishi\AppData\Local\Temp\war of lies__10924_i1555372624_il1421709.exe
C:\Users\Oishi\AppData\Local\Temp\ytdieamo_amodc_setup.exe
C:\Users\Oishi\AppData\Local\Temp\ytd_sysmenu_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 14:18
 

==================== End of FRST.txt ============================[attachment=175280:Addition.txt] 
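A triage helper for the FRST listing above, added here as an example; it is not part of the original post and not FRST's own code. It parses FRST's `created - modified - size attrs (company) path` lines and flags the pattern that stands out in this log: a cluster of identically sized executables with random eight-character names dropped into the root of C:\Program Files within minutes of each other, executables sitting in the root of AppData\Roaming, executables carrying the System+Hidden attributes, and a file named after a Windows binary (rundll32.exe) living outside C:\Windows. The threshold MIN_CLUSTER, the name patterns and the SYSTEM_NAMES list are my assumptions; the sample lines are copied from the log in this thread.

```python
"""Triage helper for FRST file listings (added example; not FRST's own code).

Parses lines of the form
    <created> - <modified> - <size> <attrs> [(<company>)] <path>
and flags patterns that in the log above point at a dropper.
"""
import re
from collections import defaultdict

# Assumptions for this example: the threshold, the name patterns and the list
# of commonly impersonated system binaries are mine, not FRST's.
MIN_CLUSTER = 3
RANDOM_NAME = re.compile(r"^[A-Z0-9]{8}\.exe$", re.IGNORECASE)      # e.g. NOUKKL7G.exe
PROGRAM_FILES_ROOT = re.compile(r"^C:\\Program Files( \(x86\))?\\[^\\]+$", re.IGNORECASE)
ROAMING_ROOT = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+\.(exe|dll|scr)$", re.IGNORECASE)
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "csrss.exe", "explorer.exe",
                "winlogon.exe", "lsass.exe", "services.exe"}

# One FRST listing line; the company field is optional and may be empty "()".
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Sample input: lines copied from the FRST log in this thread (plus one
# section header, to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
Files to move or delete:
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\NOUKKL7G.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\8GPXIRZ8.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\Z7G19I9R.exe
2016-01-08 17:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 18:28 - 2015-12-20 18:28 - 00024064 _____ C:\Users\Oishi\AppData\Roaming\DllServer.exe
2015-05-29 11:39 - 2015-05-29 11:38 - 0073728 ____N () C:\Users\Oishi\AppData\Roaming\rundll32.exe
2010-11-21 08:54 - 2010-11-21 08:54 - 91762688 ___SH (Bronto Software) C:\ProgramData\msnjusfhx.exe
2015-04-16 21:57 - 2011-12-22 19:26 - 0057675 _____ () C:\Program Files\Default.htm
2016-01-08 17:38 - 2016-01-08 17:39 - 22908888 _____ (Malwarebytes ) C:\Users\Oishi\Downloads\mbam-setup-2.2.0.1024.exe
"""


def parse_frst(text):
    """Return one dict per line that parses as an FRST file entry; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue  # section headers, notes, blank lines
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def triage(entries):
    """Group and flag suspicious entries; returns a dict of finding lists."""
    findings = {
        "dropper_clusters": [],            # (size, [paths]) with >= MIN_CLUSTER members
        "roaming_executables": [],
        "hidden_system_executables": [],
        "system_name_outside_windows": [],
    }
    clusters = defaultdict(list)
    for e in entries:
        path = e["path"]
        name = path.rsplit("\\", 1)[-1]
        is_exe = name.lower().endswith(".exe")
        if PROGRAM_FILES_ROOT.match(path) and RANDOM_NAME.match(name):
            clusters[e["size"]].append(path)   # same size + random name = likely one binary copied
        if ROAMING_ROOT.match(path):
            findings["roaming_executables"].append(path)
        if is_exe and "S" in e["attrs"] and "H" in e["attrs"]:
            findings["hidden_system_executables"].append(path)
        if name.lower() in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
            findings["system_name_outside_windows"].append(path)
    for size in sorted(clusters):
        if len(clusters[size]) >= MIN_CLUSTER:
            findings["dropper_clusters"].append((size, sorted(clusters[size])))
    return findings


def triage_sample():
    """Run the triage over the embedded sample log."""
    return triage(parse_frst(SAMPLE_LOG))


if __name__ == "__main__":
    for kind, hits in triage_sample().items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

The company string in parentheses (wj32, Bronto Software) comes from the file's version resource, which whoever built the file controls, so it is a hint and never evidence: confirm with a signature check (FRST's own "Bamital & volsnap" section does this for core system files; Sysinternals sigcheck does it for arbitrary files) and hash the identical-size files to see whether they are one binary copied under many names.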
#2 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:11 AM

Posted 10 January 2016 - 08:47 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using it.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The current line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 10 January 2016 - 08:59 AM

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java version 32-bit out of Date! 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 


#4 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 10 January 2016 - 09:59 AM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4198785024, free: 2293014528
 
Downloaded database version: v2016.01.10.01
Host not found
Downloaded database version: v2016.01.10.01
Downloaded database version: v2016.01.09.01
Downloaded database version: v2016.01.08.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/10/2016 19:40:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\ekaprot6.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\hidbth.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi20-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\kprocesshacker.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.01.10.01
  rootkit: v2016.01.09.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004769060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046079a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004769060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004108520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004105060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1BAF0215
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 102398247
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 102399998  Numsec = 874352002
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8005983790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005506b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005983790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005509b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe --> [Ransom.FileCryptor]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|syshost32 --> [Ransom.FileCryptor]
Infected: C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe --> [Ransom.FileCryptor]
Infected: C:\Users\Oishi\AppData\Roaming\DllServer.exe --> [Backdoor.Bladabindi.Generic]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|5e442893fd8d3815ac0f31193a1fdabd --> [Backdoor.Bladabindi.Generic]
Infected: C:\Users\Oishi\AppData\Roaming\DllServer.exe --> [Backdoor.Bladabindi.Generic]
Infected: HKLM\SOFTWARE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F} --> [Adware.1ClickDownloader]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F} --> [Adware.1ClickDownloader]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F} --> [Adware.1ClickDownloader]
Infected: C:\Users\Oishi\AppData\Roaming\rundll32.exe --> [Trojan.MalPack]
Infected: C:\Users\Oishi\AppData\Local\Temp\ttv.exe --> [Adware.Agent]
Infected: C:\Users\Oishi\AppData\Local\Temp\h_u2_32992.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\GPUpd55B0D2ED0.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_232322.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_23232323.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_23248383.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_23828328.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_2_323232.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u_439343.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\prappahykc.exe --> [Backdoor.Bladabindi.Generic]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_up_53523222.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u2_1309.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_u2_1350.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1270.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1285.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\hp_up_2329329.exe --> [Backdoor.Agent.WD]
Infected: C:\Users\Oishi\AppData\Local\Temp\stA4FB.tmp\sqlite3.dll --> [FraudTool.YAC]
Infected: C:\Users\Oishi\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_154.exe --> [Trojan.Dropper.MSIL]
Infected: C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe --> [Trojan.Agent.SVS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VSSS --> [Trojan.Agent.SVS]
Infected: C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe --> [Trojan.Agent.SVS]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl --> [Hijack.AutoConfigURL.ShrtCln]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Client Server Runtime Process --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Host-process Windows (Rundll32.exe) --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Service Host Process for Windows --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\CLASSES\GeePlayer.dir --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\CLASSES\APPLICATIONS\GeePlayer.exe --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPLICATIONS\GeePlayer.exe --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\GeePlayer.dir --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPLICATIONS\GeePlayer.exe --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe --> [Adware.ChinAd]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|win --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Tencent\win.exe --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Tencent\win.exe --> [Trojan.Downloader]
Scan finished
 


#5 Jo*

  • Malware Response Team
  • 3,292 posts
  • Location:Germany

Posted 10 January 2016 - 10:05 AM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 OishiBandyopadhyay

  • Topic Starter
  • Members
  • 10 posts

Posted 12 January 2016 - 02:48 AM

Help me remove the trojans for now.



#7 Jo*

  • Malware Response Team
  • 3,292 posts
  • Location:Germany

Posted 12 January 2016 - 04:13 AM

Hello,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

Note: Your first run of FRST was from: Running from C:\Users\Oishi\Downloads
 
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
EmptyTemp:
Download Cooking (HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.1.1 - Bus Virtual corp) <==== ATTENTION
B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
SystemSustainer (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3c2d81f8}) (Version:  - SystemSustainer) <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
C:\ProgramData\msnjusfhx.exe 
C:\ProgramData\msvddl.exe
Failed to access process -> csrss.exe 
Failed to access process -> csrss.exe 
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp
() C:\Users\Oishi\AppData\Roaming\DllServer.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [5e442893fd8d3815ac0f31193a1fdabd] => C:\Users\Oishi\AppData\Roaming\DllServer.exe [24064 2015-12-20] ()
C:\Users\Oishi\AppData\Roaming\DllServer.exe
R2 zejytose; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp 
C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
[199168 2015-07-12] () [File not signed] 
S2 3c2d81f8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\CutterInstance\CutterInstance.dll",serv
c:\Program Files (x86)\CutterInstance\CutterInstance.dll
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Client Server Runtime Process] => C:\Users\Oishi\AppData\Roaming\csrss.exe 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Oishi\AppData\Roaming\csrss.exe 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvddl.exe <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
ProxyEnable: [.DEFAULT] => Proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49763;https=127.0.0.1:49763; 
ProxyEnable: [S-1-5-21-4091964856-1131281766-1042438202-1000] => Proxy is enabled. 
ProxyServer: [S-1-5-21-4091964856-1131281766-1042438202-1000] => 127.0.0.1:8118 
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchdominion.info/?l=1&q={searchTerms}&pid=22194&r=2015/03/13&hid=10921619979478274896&lg=EN&cc=IN 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449662439"
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QQPCRtp.exe" -r [X] 
S2 siwomyqe; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsiBD77.tmp [X] 
S2 Sweet Crazy; "C:\Program Files (x86)\Sweet Crazy\Sweet Crazy.exe" [X] 
S2 Util Coupon Time; "C:\Program Files (x86)\Coupon Time\bin\utilCouponTime.exe" [X] 
S2 wewygyko; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsn1252.tmp [X] 
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] 
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QMUdisk64.sys [X] 
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X] 
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\TsDefenseBT64.sys [X] 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Cheers,
Jo
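The fixlist above removes autostart values, proxy settings, services and files by name, and the Fixlog it produces only reports what FRST itself did. A helper will usually also want an independent check that none of those entries came back after a reboot. The script below is an added example for that purpose; it is not part of this thread and not a feature of FRST. It is meant for an elevated Windows PowerShell prompt (2.0 or later, as shipped with Windows 7 SP1) on the affected machine, run as the same user. The SID, paths, service names and registry locations are taken from the FRST and Malwarebytes logs posted earlier in this thread; the `HKU:` drive mapping and the output wording are this example's own.

```powershell
# Added example, not from the thread or from FRST: re-check the persistence
# locations the fixlist targets. Run elevated, as user Oishi, after the Fix.
# SID, paths and service names are the ones in the FRST log; nothing else is assumed.

$UserSid = 'S-1-5-21-4091964856-1131281766-1042438202-1000'

# HKEY_USERS is not exposed as a PSDrive by default; map it so HKU:\ paths resolve.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = @()   # definite leftovers; an empty list at the end is the good outcome

# 1. Autostart values: HKCU Run, 32-bit HKLM Run, 64-bit HKLM Run and the Windows\Load value.
#    Run entries are listed for review (a clean machine still has legitimate ones).
$runKeys = @(
    "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\Run",
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath/PSDrive etc. are provider metadata, not Run values
        Write-Output ("Run entry  {0}\{1} = {2}" -f $key, $p.Name, $p.Value)
    }
}
$winNt = "HKU:\$UserSid\Software\Microsoft\Windows NT\CurrentVersion\Windows"
$load  = (Get-ItemProperty -Path $winNt -ErrorAction SilentlyContinue).Load
if ($load) { $findings += "Load value still set: $load" }

# 2. WinINet proxy / PAC hijack, for the logged-on user and the .DEFAULT hive
#    (the log showed 127.0.0.1:8118, 127.0.0.1:49763 and an AutoConfigURL).
foreach ($hive in @('.DEFAULT', $UserSid)) {
    $inet = "HKU:\$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $s = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($s.ProxyEnable -eq 1 -or $s.ProxyServer -or $s.AutoConfigURL) {
        $findings += "Proxy settings in $hive : Enable=$($s.ProxyEnable) Server=$($s.ProxyServer) PAC=$($s.AutoConfigURL)"
    }
}

# 3. Services and drivers named in the fixlist and the Malwarebytes log. Reading the
#    Services key covers kernel drivers as well, which Get-Service does not list.
$services = 'zejytose','3c2d81f8','siwomyqe','wewygyko','Sweet Crazy','Util Coupon Time',
            'YTDUpdt','QQPCRTP','KProcessHacker2','QMUdisk','sbmntr','TsDefenseBt','VGPU','VSSS'
foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $img = (Get-ItemProperty -Path $key).ImagePath
        $findings += "Service still registered: $svc -> $img"
    }
}

# 4. Chrome policy key the fixlist removed (a home PC has no reason to carry one).
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    $findings += 'HKLM\SOFTWARE\Policies\Google still present'
}

# 5. Files flagged by FRST or Malwarebytes.
$files = @(
    'C:\Users\Oishi\AppData\Roaming\DllServer.exe',
    'C:\Users\Oishi\AppData\Roaming\csrss.exe',
    'C:\Users\Oishi\AppData\Roaming\rundll32.exe',
    'C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe',
    'C:\ProgramData\msvddl.exe',
    'C:\ProgramData\msnjusfhx.exe',
    'C:\Program Files (x86)\CutterInstance\CutterInstance.dll',
    'C:\Program Files\kprocesshacker.sys'
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File still present: $f" }
}

# 6. A csrss.exe running from anywhere but System32. The genuine one is a protected
#    process and reports no ExecutablePath (hence FRST's "Failed to access process");
#    the impostor in AppData\Roaming would report its path.
foreach ($proc in (Get-WmiObject -Class Win32_Process -Filter "Name='csrss.exe'")) {
    if ($proc.ExecutablePath -and $proc.ExecutablePath -notlike "$env:SystemRoot\System32\*") {
        $findings += "Impostor csrss.exe: PID $($proc.ProcessId) $($proc.ExecutablePath)"
    }
}

if ($findings.Count -eq 0) { 'No leftovers from the fixlist found.' } else { $findings }
```

Run it once after the Fix and reboot, and again a day later: a backdoor that survived will usually recreate its Run value or service well within that window, and the second run is what tells you whether the clean-up held.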


#8 Jo*

  • Malware Response Team
  • 3,292 posts
  • Location:Germany

Posted 14 January 2016 - 07:07 AM


Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Cheers,
Jo


#9 OishiBandyopadhyay

  • Topic Starter
  • Members
  • 10 posts

Posted 15 January 2016 - 01:33 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015

Ran by Oishi (2016-01-15 11:48:38) Run:1
Running from C:\Users\Oishi\Downloads
Loaded Profiles: Oishi (Available Profiles: Oishi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
EmptyTemp:
Download Cooking (HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.1.1 - Bus Virtual corp) <==== ATTENTION
B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
SystemSustainer (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3c2d81f8}) (Version:  - SystemSustainer) <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
C:\ProgramData\msnjusfhx.exe 
C:\ProgramData\msvddl.exe
Failed to access process -> csrss.exe 
Failed to access process -> csrss.exe 
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp
() C:\Users\Oishi\AppData\Roaming\DllServer.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [5e442893fd8d3815ac0f31193a1fdabd] => C:\Users\Oishi\AppData\Roaming\DllServer.exe [24064 2015-12-20] ()
C:\Users\Oishi\AppData\Roaming\DllServer.exe
R2 zejytose; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp 
C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
[199168 2015-07-12] () [File not signed] 
S2 3c2d81f8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\CutterInstance\CutterInstance.dll",serv
c:\Program Files (x86)\CutterInstance\CutterInstance.dll
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Client Server Runtime Process] => C:\Users\Oishi\AppData\Roaming\csrss.exe 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Oishi\AppData\Roaming\csrss.exe 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvddl.exe <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
ProxyEnable: [.DEFAULT] => Proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49763;https=127.0.0.1:49763; 
ProxyEnable: [S-1-5-21-4091964856-1131281766-1042438202-1000] => Proxy is enabled. 
ProxyServer: [S-1-5-21-4091964856-1131281766-1042438202-1000] => 127.0.0.1:8118 
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchdominion.info/?l=1&q={searchTerms}&pid=22194&r=2015/03/13&hid=10921619979478274896&lg=EN&cc=IN 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449662439"
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QQPCRtp.exe" -r [X] 
S2 siwomyqe; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsiBD77.tmp [X] 
S2 Sweet Crazy; "C:\Program Files (x86)\Sweet Crazy\Sweet Crazy.exe" [X] 
S2 Util Coupon Time; "C:\Program Files (x86)\Coupon Time\bin\utilCouponTime.exe" [X] 
S2 wewygyko; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsn1252.tmp [X] 
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] 
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QMUdisk64.sys [X] 
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X] 
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\TsDefenseBT64.sys [X] 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
end
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
Download Cooking (HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.1.1 - Bus Virtual corp) <==== ATTENTION => Error: No automatic fix found for this entry.
B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
SystemSustainer (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3c2d81f8}) (Version:  - SystemSustainer) <==== ATTENTION => Error: No automatic fix found for this entry.
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\ProgramData\msnjusfhx.exe" => not found.
"C:\ProgramData\msvddl.exe" => not found.
Failed to access process -> csrss.exe => Error: No automatic fix found for this entry.
Failed to access process -> csrss.exe => Error: No automatic fix found for this entry.
C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp => No running process found
C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp => No running process found
C:\Users\Oishi\AppData\Roaming\DllServer.exe => No running process found
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5e442893fd8d3815ac0f31193a1fdabd => value not found.
"C:\Users\Oishi\AppData\Roaming\DllServer.exe" => not found.
zejytose => service not found.
"C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp" => not found.
[199168 2015-07-12] () [File not signed] => Error: No automatic fix found for this entry.
3c2d81f8 => service removed successfully
"c:\Program Files (x86)\CutterInstance\CutterInstance.dll" => not found.
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Client Server Runtime Process => value not found.
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Host-process Windows (Rundll32.exe) => value not found.
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
HKCR\Wow6432Node\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
HKCR\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} => key not found. 
HKCR\CLSID\{CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} => key not found. 
Chrome StartupUrls => removed successfully
QQPCRTP => service not found.
siwomyqe => service not found.
Sweet Crazy => service removed successfully
Util Coupon Time => service not found.
wewygyko => service not found.
YTDUpdt => service not found.
KProcessHacker2 => service not found.
QMUdisk => service not found.
sbmntr => service not found.
TsDefenseBt => service not found.
VGPU => service removed successfully
EmptyTemp: => 5.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:49:33 ====


#10 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany

Posted 15 January 2016 - 04:37 AM

Download the ESET services repair tool, and save it to the Desktop.
  • Double-click ServicesRepair
    (On Windows Vista and above, right-click the icon and choose Run as Administrator, then accept the security warning)
  • On the prompt This utility will reinstall Services commonly removed by exploits. Click Yes to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your Desktop, please post the content in your next reply.
---

We will now run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Then enable your antivirus program(s).

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts

Posted 15 January 2016 - 05:59 AM

Log Opened: 2016-01-15 @ 16:22:28
16:22:28 - -----------------
16:22:28 - | Begin Logging |
16:22:28 - -----------------
16:22:28 - Fix started on a WIN_7 X64 computer
16:22:28 - Prep in progress.  Please Wait.
16:22:32 - Prep complete
16:22:32 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
16:22:33 - Services Repair Complete.
16:22:36 - Reboot Initiated


#12 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts

Posted 15 January 2016 - 06:21 AM

ComboFix 16-01-07.01 - Oishi 01/15/2016  16:35:40.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4004.2071 [GMT 5.5:30]
Running from: c:\users\Oishi\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\15686516293491249214
c:\programdata\15686516293491249214\0f839359446eec4c97916381909c9350.ini
c:\programdata\15686516293491249214\2544e9905b19ed4897916381909c9350.ini
c:\programdata\15686516293491249214\37775abd6f6704a297916381909c9350.ini
c:\programdata\15686516293491249214\37a553f5bd0c893297916381909c9350.ini
c:\programdata\15686516293491249214\4775d99c57b1799e97916381909c9350.ini
c:\programdata\15686516293491249214\4cc9484e5308b1bc97916381909c9350.ini
c:\programdata\15686516293491249214\60b6132765a7b0ab97916381909c9350.ini
c:\programdata\15686516293491249214\844ec49e407831a997916381909c9350.ini
c:\programdata\15686516293491249214\8452e691c1478e9a97916381909c9350.ini
c:\programdata\15686516293491249214\954accd1ef18255b97916381909c9350.ini
c:\programdata\15686516293491249214\a4972f3d267d785797916381909c9350.ini
c:\programdata\15686516293491249214\ab04ecb30c557b3797916381909c9350.ini
c:\programdata\15686516293491249214\ad5e6328e91d5a2597916381909c9350.ini
c:\programdata\15686516293491249214\add7520f3dd44cb797916381909c9350.ini
c:\programdata\15686516293491249214\b064fcb2318aa95b97916381909c9350.ini
c:\programdata\15686516293491249214\bb3b03074f60650f97916381909c9350.ini
c:\programdata\15686516293491249214\bb54bdc50384f4da97916381909c9350.ini
c:\programdata\15686516293491249214\c5dda8811636467797916381909c9350.ini
c:\programdata\15686516293491249214\c639ec01ae8d99a997916381909c9350.ini
c:\programdata\15686516293491249214\cd5b15e575e1c3d097916381909c9350.ini
c:\programdata\15686516293491249214\d10de703829fe2d897916381909c9350.ini
c:\programdata\15686516293491249214\d1b1b8b13a22620297916381909c9350.ini
c:\programdata\15686516293491249214\d1b823d8a4cc414997916381909c9350.ini
c:\programdata\15686516293491249214\d38e8734560118a997916381909c9350.ini
c:\programdata\15686516293491249214\d55b1ff83dc82c9897916381909c9350.ini
c:\programdata\15686516293491249214\d6ae24e4beaa0e7297916381909c9350.ini
c:\programdata\15686516293491249214\d7f7ceff8d57bf9a97916381909c9350.ini
c:\programdata\15686516293491249214\d88e11b2264d074897916381909c9350.ini
c:\programdata\15686516293491249214\f392fc60cfeefae497916381909c9350.ini
c:\programdata\15686516293491249214\f457e49ace5c075b97916381909c9350.ini
c:\users\Oishi\AppData\Local\nsc1AF3.tmp
c:\users\Oishi\AppData\Local\nsm2478.tmp
c:\users\Oishi\AppData\Local\nsuC302.tmp
c:\users\Oishi\AppData\Local\nsvB732.tmp
c:\users\Oishi\AppData\Roaming\1855.tmp
c:\users\Oishi\AppData\Roaming\38F1.tmp
c:\users\Oishi\AppData\Roaming\413A.tmp
c:\users\Oishi\AppData\Roaming\512C.tmp
c:\users\Oishi\AppData\Roaming\65AF.tmp
c:\users\Oishi\AppData\Roaming\71E.tmp
c:\users\Oishi\AppData\Roaming\77AE.tmp
c:\users\Oishi\AppData\Roaming\8DE9.tmp
c:\users\Oishi\AppData\Roaming\9218.tmp
c:\users\Oishi\AppData\Roaming\92F2.tmp
c:\users\Oishi\AppData\Roaming\952E.tmp
c:\users\Oishi\AppData\Roaming\95E3.tmp
c:\users\Oishi\AppData\Roaming\9788.tmp
c:\users\Oishi\AppData\Roaming\9E.tmp
c:\users\Oishi\AppData\Roaming\B693.tmp
c:\users\Oishi\AppData\Roaming\CD04.tmp
c:\users\Oishi\AppData\Roaming\E5F5.tmp
c:\users\Oishi\AppData\Roaming\F8DC.tmp
c:\users\Oishi\AppData\Roaming\FE91.tmp
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-15 to 2016-01-15  )))))))))))))))))))))))))))))))
.
.
2016-01-15 11:13 . 2016-01-15 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-15 07:43 . 2016-01-15 07:43 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C31451EB-8FC8-49D9-8FB3-E79E6DFA1CB2}\offreg.920.dll
2016-01-14 11:25 . 2015-11-24 21:32 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C31451EB-8FC8-49D9-8FB3-E79E6DFA1CB2}\mpengine.dll
2016-01-14 05:34 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2016-01-14 05:34 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2016-01-12 07:54 . 2016-01-12 08:03 -------- d-----w- C:\AdwCleaner
2016-01-12 06:50 . 2015-11-05 19:05 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-01-12 06:49 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2016-01-12 06:48 . 2015-10-20 01:05 210944 ----a-w- c:\windows\system32\wdigest.dll
2016-01-12 06:43 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2016-01-12 06:43 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2016-01-12 06:43 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2016-01-12 06:43 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-01-12 06:43 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2016-01-12 06:43 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2016-01-12 06:40 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll
2016-01-12 06:40 . 2014-03-04 09:17 538112 ----a-w- c:\windows\SysWow64\objsel.dll
2016-01-12 06:39 . 2014-03-04 09:43 44544 ----a-w- c:\windows\system32\dimsroam.dll
2016-01-12 06:39 . 2014-03-04 09:17 36864 ----a-w- c:\windows\SysWow64\dimsroam.dll
2016-01-12 06:39 . 2014-03-04 09:43 56832 ----a-w- c:\windows\system32\adprovider.dll
2016-01-12 06:39 . 2014-03-04 09:43 57344 ----a-w- c:\windows\system32\cngprovider.dll
2016-01-12 06:39 . 2014-03-04 09:17 49664 ----a-w- c:\windows\SysWow64\adprovider.dll
2016-01-12 06:39 . 2014-03-04 09:17 51200 ----a-w- c:\windows\SysWow64\cngprovider.dll
2016-01-12 06:39 . 2014-03-04 09:43 53760 ----a-w- c:\windows\system32\capiprovider.dll
2016-01-12 06:39 . 2014-03-04 09:43 52736 ----a-w- c:\windows\system32\dpapiprovider.dll
2016-01-12 06:39 . 2014-03-04 09:17 48128 ----a-w- c:\windows\SysWow64\capiprovider.dll
2016-01-12 06:39 . 2014-03-04 09:17 47616 ----a-w- c:\windows\SysWow64\dpapiprovider.dll
2016-01-12 06:39 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2016-01-12 06:39 . 2014-03-04 09:17 35328 ----a-w- c:\windows\SysWow64\wincredprovider.dll
2016-01-12 06:37 . 2015-07-30 18:06 1550336 ----a-w- c:\windows\system32\DWrite.dll
2016-01-12 06:37 . 2015-07-30 18:06 1148416 ----a-w- c:\windows\system32\FntCache.dll
2016-01-12 06:37 . 2015-07-30 17:57 1081856 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-01-12 06:37 . 2015-07-30 18:06 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2016-01-12 06:37 . 2015-07-30 17:57 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2016-01-12 06:33 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2016-01-12 06:33 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2016-01-12 06:33 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2016-01-12 06:33 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2016-01-12 06:30 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2016-01-12 06:30 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2016-01-12 06:30 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2016-01-12 06:18 . 2016-01-12 06:18 -------- d-----w- c:\windows\SysWow64\Wat
2016-01-12 06:18 . 2016-01-12 06:18 -------- d-----w- c:\windows\system32\Wat
2016-01-12 06:15 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2016-01-12 06:15 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2016-01-12 06:13 . 2016-01-12 06:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2016-01-12 06:08 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2016-01-12 06:08 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-01-12 06:08 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2016-01-12 06:08 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2016-01-12 06:08 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2016-01-12 06:08 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2016-01-12 06:08 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2016-01-12 06:08 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2016-01-12 06:08 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2016-01-12 06:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2016-01-12 06:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2016-01-12 06:07 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2016-01-12 06:07 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2016-01-12 06:07 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2016-01-12 06:05 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2016-01-12 06:05 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2016-01-12 06:05 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2016-01-12 06:05 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2016-01-12 06:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2016-01-12 06:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2016-01-12 06:05 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2016-01-12 06:05 . 2015-02-03 03:31 1190400 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-01-12 06:05 . 2015-02-03 03:12 1011200 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-01-12 06:04 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2016-01-12 06:04 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2016-01-12 06:04 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2016-01-12 06:04 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2016-01-12 06:04 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2016-01-12 06:03 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2016-01-12 06:02 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2016-01-12 06:02 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2016-01-12 06:02 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2016-01-12 06:02 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2016-01-12 06:02 . 2014-07-17 02:07 3722240 ----a-w- c:\windows\system32\mstscax.dll
2016-01-12 06:02 . 2014-07-17 02:07 1118720 ----a-w- c:\windows\system32\mstsc.exe
2016-01-12 06:02 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
2016-01-12 06:02 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\SysWow64\mstsc.exe
2016-01-12 06:00 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2016-01-12 06:00 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2016-01-12 06:00 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2016-01-12 06:00 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2016-01-12 05:57 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2016-01-12 05:57 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2016-01-12 05:57 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2016-01-12 05:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2016-01-12 05:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2016-01-12 05:57 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2016-01-12 05:57 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2016-01-12 05:56 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2016-01-12 05:56 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-01-12 05:56 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2016-01-12 05:56 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2016-01-12 05:56 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2016-01-12 05:56 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2016-01-12 05:56 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2016-01-12 05:56 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2016-01-12 05:56 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2016-01-12 05:56 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2016-01-12 05:56 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2016-01-12 05:56 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2016-01-12 05:53 . 2015-11-06 19:06 9072128 ----a-w- c:\windows\system32\mshtml.dll
2016-01-12 05:53 . 2015-11-06 19:06 12306432 ----a-w- c:\windows\system32\ieframe.dll
2016-01-12 05:53 . 2015-11-06 19:06 910848 ----a-w- c:\windows\system32\jscript.dll
2016-01-12 05:53 . 2015-11-06 19:06 2470400 ----a-w- c:\windows\system32\iertutil.dll
2016-01-12 05:51 . 2015-11-06 18:47 18944 ----a-w- c:\windows\SysWow64\corpol.dll
2016-01-12 05:50 . 2015-10-01 18:00 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-01-12 05:50 . 2015-10-01 18:00 1411072 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-01-12 05:50 . 2015-10-01 18:00 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-01-12 05:50 . 2015-10-01 18:00 1398272 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-01-12 05:50 . 2015-10-01 17:50 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-01-12 05:50 . 2015-10-01 18:00 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2016-01-12 05:48 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2016-01-12 05:48 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-01-12 05:48 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2016-01-12 05:48 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2016-01-12 05:48 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2016-01-12 05:48 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2016-01-12 05:48 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2016-01-12 05:48 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-10-20 00:45 . 2016-01-12 06:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-12 23:13 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-12 23:13 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-12 23:13 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-12-03 1873952]
"AdopeUpdate"="c:\googlechrome\GoogleUpdate.lnk" [2015-03-28 744]
"GoogleChromeAutoLaunch_CE13C8D82A839C0220B70C2DF2280570"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-01-12 748360]
"{F836D22C-C97C-4A94-B3AF-3074AEF17C55}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"vmware-tray.exe"="d:\vmware\vmware-tray.exe" [2015-02-06 114368]
"JavaUpdate"="c:\googlechrome\GoogleUpdate.lnk" [2015-03-28 744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys;c:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;d:\vmware\vmware-hostd.exe;d:\vmware\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 04:02 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01 19:12]
.
2016-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01 19:12]
.
2016-01-15 c:\windows\Tasks\MATLAB R2014a Startup Accelerator.job
- d:\matlab\2014a\bin\win64\MATLABStartupAccelerator.exe [2014-12-12 11:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-12 23:07 2328776 ----a-w- d:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-12 23:07 2328776 ----a-w- d:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-12 23:07 2328776 ----a-w- d:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-15 171064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-15 399416]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-15 441912]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-08 1021056]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-08 800896]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-09-20 682904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\micros~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office15\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_65558500AD2D8B45825879B925C738C1 - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
Wow6432Node-HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
Wow6432Node-HKLM-Run-5e442893fd8d3815ac0f31193a1fdabd - c:\users\Oishi\AppData\Roaming\DllServer.exe
c:\users\Oishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Learning OMNeT++ [PDF]~StormRG~.lnk - c:\programdata\{b909ab22-0160-bab3-b909-9ab22016ac88}\Learning OMNeT++ [PDF]~StormRG~.exe
HKLM_Wow6432Node-ActiveSetup-installed components - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe
AddRemove-OMNeT++ - e:\omnet++\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(u *1rGYz‚Ný€­d>ehV *­d>e\command]
@="\"c:\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe\" -runfrom DVD \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-15  16:46:04
ComboFix-quarantined-files.txt  2016-01-15 11:16
.
Pre-Run: 5,977,522,176 bytes free
Post-Run: 5,784,207,360 bytes free
.
- - End Of File - - E7A2575D0C54D5902420A4215E9BC1C3
EA923EB0EC0060F1451E9AD7B5762CFE


#13 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany

Posted 15 January 2016 - 06:34 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
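A small triage script of the kind a responder reading a log like the ComboFix output above would use: it parses Run-key lines in the "Reg Loading Points" format and flags the traits worth verifying by hand (shortcut targets, GUID-named values, script hosts, user-writable paths, "updater" names outside Program Files). This is an added example, not code from the thread or from ComboFix, MBAR or AdwCleaner; the sample lines are copied from the log posted above and the heuristics are mine, not any tool's detection rules.

```python
import re
from dataclasses import dataclass, field

# ComboFix prints Run-key values as:  "ValueName"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
GUID_NAME = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
# Heuristic lists (my own, not a vendor's rule set)
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')
SCRIPT_HOSTS = {'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'cmd.exe'}
TRUSTED_ROOTS = ('c:\\program files', 'c:\\windows\\')

@dataclass
class Finding:
    name: str
    target: str
    reasons: list = field(default_factory=list)

def triage_run_entry(line: str):
    """Return a Finding for one Run-key line (reasons may be empty), or None if it does not parse."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name, target = m['name'], m['target']
    n, t = name.lower(), target.lower()
    exe = t.rsplit('\\', 1)[-1]  # bare file name; a path-less value is resolved via PATH at logon
    f = Finding(name, target)
    if t.endswith('.lnk'):
        f.reasons.append('autorun launches a shortcut, not a program; inspect the .lnk target')
    if GUID_NAME.match(name):
        f.reasons.append('GUID-style value name hides what the entry belongs to')
    if exe in SCRIPT_HOSTS:
        f.reasons.append(f'launches script host {exe}; check its arguments')
    if any(p in t for p in USER_WRITABLE):
        f.reasons.append('binary lives in a user-writable location')
    if 'update' in n and not t.startswith(TRUSTED_ROOTS):
        f.reasons.append('"updater" name but target is outside Program Files/Windows')
    return f

def triage_log(text: str):
    """Triage every Run-key line in a ComboFix excerpt; returns only the flagged entries."""
    found = [triage_run_entry(line) for line in text.splitlines()]
    return [f for f in found if f and f.reasons]

# Constructed sample: lines copied from the HKCU/HKLM Run sections of the log above
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-12-03 1873952]
"AdopeUpdate"="c:\googlechrome\GoogleUpdate.lnk" [2015-03-28 744]
"{F836D22C-C97C-4A94-B3AF-3074AEF17C55}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"JavaUpdate"="c:\googlechrome\GoogleUpdate.lnk" [2015-03-28 744]
'''

if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.name!r} -> {f.target}')
        for r in f.reasons:
            print('   -', r)
```

Flagged entries are review candidates, not verdicts: BitTorrent is flagged only because its normal install path is under AppData, while the two .lnk "updaters" and the GUID-named PowerShell value are the kind of entries a responder would check first.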


#14 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts

Posted 15 January 2016 - 07:21 AM

No malware found :D



#15 OishiBandyopadhyay

OishiBandyopadhyay
  • Topic Starter

  • Members
  • 10 posts

Posted 15 January 2016 - 07:34 AM

# AdwCleaner v5.029 - Logfile created 15/01/2016 at 17:59:49
# Updated 11/01/2016 by Xplode
# Database : 2016-01-14.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Oishi - OISHI-PC
# Running from : C:\Users\Oishi\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Softcomp Software
Folder Found : C:\Windows\SysNative\Tasks\ASP
Folder Found : C:\Windows\SysNative\Tasks\YTDownloader
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : ASP
Task Found : YTDownloader
Task Found : Microsoft\Windows\Multimedia\SMupdate3
Task Found : Microsoft\Windows\Maintenance\SMupdate2
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9563BC59-9556-4805-8CD4-886781779D8D}
 
***** [ Web browsers ] *****
 
[C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449662439
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1202 bytes] ##########
