
Browsers Hijacked


  • This topic is locked
25 replies to this topic

#1 JohnnyZ

  • Members
  • 28 posts

Posted 30 March 2016 - 01:42 AM

Alright, so I downloaded some malicious software, which downloaded and installed other malicious software. 

 

I got AdWare Remover, Hitman Pro and Malwarebytes; they removed almost all such malware and adware. There was a tiny window I got every now and then, but it wasn't that problematic, so I chose to ignore it. Plus, the software mentioned did not detect any other adware, so I thought it wasn't anything major.

 

https://gyazo.com/ee9f541fec0ef8968e7ed06a0d443201

 

https://gyazo.com/d7a2ec1c3b4f63ff36e0b868f189c8ea

 

Something like the above.

 

Now, yesterday, all of a sudden, in almost all of the sites I visit, I get the same window...and then I get forwarded to the same site, without the option of going back. I have to close the little box really fast, or my page is gone.

 

http://server.mvmbs.com/campaign.php

 

I see that link before I get redirected. It's getting really problematic, because I've tried everything under the sun. CKill, Bitdefender, CCleaner, etc., etc. I changed my profile, but nothing. And yes, I use Adblocker...I can see it do its magic, because every time I click on a page, something pops up but it immediately closes it down. (More adware, I'm guessing.)

 

Please tell me what to do!


Edited by JohnnyZ, 30 March 2016 - 01:47 AM.



#2 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 March 2016 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[screenshot: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs and wait for further instructions.
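
A defender's way of reading the log that FRST produces, added here as an example: this is not nasdaq's procedure, not part of the FRST tool, and not code from anyone in this thread. The sample lines are a constructed subset modelled on the Internet, Services and Drivers sections of the log JohnnyZ posts below. The script flags what a responder checks first: a system proxy forced onto the loopback address (a local process sitting between the browser and the web), a hand-set DNS server overriding DHCP, a service binary living under a user's AppData folder, and drivers whose file is absent from disk (FRST marks those entries with [X]) and whose name looks machine-generated. The severities, the eight-lowercase-letter heuristic and the function names are my own assumptions, not FRST semantics.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines modelled on the FRST log posted in
# this thread (Internet, Services and Drivers sections). Not a complete log.
SAMPLE_LOG = r"""
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60010;https=127.0.0.1:60010
Tcpip\..\Interfaces\{6E9C155B-EE34-4482-9797-5E46CB0A7C36}: [NameServer] 87.118.74.138,8.8.8.8
Tcpip\..\Interfaces\{6E9C155B-EE34-4482-9797-5E46CB0A7C36}: [DhcpNameServer] 192.168.1.1
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 dnwnload; C:\Users\MAHE\AppData\Local\Lasantouch.exe peoductoow dnwnload [X]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S1 abysfdmq; \??\C:\Windows\system32\drivers\abysfdmq.sys [X]
S1 acucpysa; \??\C:\Windows\system32\drivers\acucpysa.sys [X]
"""

# Shape of FRST service/driver lines: "R2 Name; path [size date] (vendor)" or "... [X]".
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# Heuristic (my assumption, not FRST logic): eight random lowercase letters plus .sys
RANDOM_SYS_RE = re.compile(r"^[a-z]{8}\.sys$")
NT_PATH_PREFIX = "\\??\\"  # FRST prints some driver paths in NT object form


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str


def binary_path(rest: str) -> str:
    """Keep only the path: drop FRST's trailing '[size date] (vendor)' or '[X]' and quoting."""
    path = rest.split(" [")[0].strip().strip('"')
    if path.startswith(NT_PATH_PREFIX):
        path = path[len(NT_PATH_PREFIX):]
    return path


def triage_frst(text: str) -> List[Finding]:
    """Scan FRST-style lines and return the entries worth a responder's attention."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ProxyEnable:") and "enabled" in line.lower():
            findings.append(Finding("medium", "system proxy is enabled", line))
            continue
        if line.startswith("ProxyServer:") and "127.0.0.1" in line:
            # A proxy on loopback means a local process intercepts all browser traffic.
            findings.append(Finding("high", "proxy points at loopback: local traffic interception", line))
            continue
        if "[NameServer]" in line:
            # Static resolver overriding the DHCP-supplied one; confirm it is one you trust.
            findings.append(Finding("medium", "static DNS server configured", line))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        path = binary_path(rest)
        parts = path.split("\\")
        filename = parts[-1]
        parent = parts[-2].lower() if len(parts) > 1 else ""
        file_missing = rest.endswith("[X]")
        if file_missing and parent == "drivers" and RANDOM_SYS_RE.match(filename):
            findings.append(Finding("high", "random-named driver whose file is missing", line))
        elif file_missing:
            findings.append(Finding("medium", "service/driver file missing from disk", line))
        if "\\appdata\\" in path.lower():
            # Legitimate services almost never run from a user profile directory.
            findings.append(Finding("high", "service binary lives under a user profile (AppData)", line))
    return findings


def triage_sample() -> List[Finding]:
    return triage_frst(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Run it as-is to see the sample findings, or replace SAMPLE_LOG with the contents of a real FRST.txt. The random-name rule is only a heuristic: a legitimate driver can have an eight-letter lowercase name, so it ranks entries for a human to review rather than deciding anything on its own, and the Malwarebytes lines in the sample show what a clean entry looks like (no [X], a size and date, a vendor).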

#3 JohnnyZ
  • Topic Starter

  • Members
  • 28 posts

Posted 31 March 2016 - 02:33 AM

By the way, I changed a few antivirus names...err...thought it would help. There you are:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by MAHE (administrator) on ZERO (31-03-2016 12:55:54)
Running from C:\Users\MAHE\Desktop\Antivirus
Loaded Profiles: MAHE (Available Profiles: MAHE & HP & MIT)
Platform: Windows 8.1 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Autodesk Inc.) C:\Users\MAHE\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [160472 2014-03-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7574896 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [419512 2014-04-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\...\MountPoints2: {4dca1af3-2c4f-11e4-826c-303a64125939} - "G:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60010;https=127.0.0.1:60010
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6E9C155B-EE34-4482-9797-5E46CB0A7C36}: [NameServer] 87.118.74.138,8.8.8.8
Tcpip\..\Interfaces\{6E9C155B-EE34-4482-9797-5E46CB0A7C36}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\MAHE\AppData\Roaming\Mozilla\Firefox\Profiles\bamhih2d.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Users\MAHE\Desktop\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2514194259-2666533998-2452640257-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\MAHE\AppData\Roaming\Mozilla\Firefox\Profiles\bamhih2d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-22] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Google Docs) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Google Drive) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (YouTube) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Adblock Plus) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-29]
CHR Extension: (Google Sheets) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Popup Blocker Pro) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-29]
CHR Extension: (Gmail) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 FCSAM; C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-11] (SurfRight B.V.)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [372408 2013-12-10] (Hewlett-Packard Development Company, L.P.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 dnwnload; C:\Users\MAHE\AppData\Local\Lasantouch.exe peoductoow dnwnload [X]
S2 RalinkRegistryWriter; "C:\Program Files (x86)\OSTotoHotspot\RaRegistry.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-03-30] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [168656 2014-03-21] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-31] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-04-02] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-03-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [89840 2016-03-01] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S1 abysfdmq; \??\C:\Windows\system32\drivers\abysfdmq.sys [X]
S1 acucpysa; \??\C:\Windows\system32\drivers\acucpysa.sys [X]
S1 akrhsihz; \??\C:\Windows\system32\drivers\akrhsihz.sys [X]
S1 apgmglsd; \??\C:\Windows\system32\drivers\apgmglsd.sys [X]
S1 aqrfxcla; \??\C:\Windows\system32\drivers\aqrfxcla.sys [X]
S1 aresfktl; \??\C:\Windows\system32\drivers\aresfktl.sys [X]
S1 arrhiapp; \??\C:\Windows\system32\drivers\arrhiapp.sys [X]
S1 axvscytk; \??\C:\Windows\system32\drivers\axvscytk.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 bgczaues; \??\C:\Windows\system32\drivers\bgczaues.sys [X]
S1 bhkzxuru; \??\C:\Windows\system32\drivers\bhkzxuru.sys [X]
S1 bohqgiec; \??\C:\Windows\system32\drivers\bohqgiec.sys [X]
S1 buycfxxk; \??\C:\Windows\system32\drivers\buycfxxk.sys [X]
S1 bvsajiqd; \??\C:\Windows\system32\drivers\bvsajiqd.sys [X]
S1 bwcebrsf; \??\C:\Windows\system32\drivers\bwcebrsf.sys [X]
S1 bwyafpou; \??\C:\Windows\system32\drivers\bwyafpou.sys [X]
S1 bxzdyjxq; \??\C:\Windows\system32\drivers\bxzdyjxq.sys [X]
S1 ckwkzuiq; \??\C:\Windows\system32\drivers\ckwkzuiq.sys [X]
S1 cndcddds; \??\C:\Windows\system32\drivers\cndcddds.sys [X]
S1 crdydhhw; \??\C:\Windows\system32\drivers\crdydhhw.sys [X]
S1 cwjlrtam; \??\C:\Windows\system32\drivers\cwjlrtam.sys [X]
S1 cwvioeic; \??\C:\Windows\system32\drivers\cwvioeic.sys [X]
S1 cybiouxi; \??\C:\Windows\system32\drivers\cybiouxi.sys [X]
S1 cztekqyt; \??\C:\Windows\system32\drivers\cztekqyt.sys [X]
S1 dguafhyr; \??\C:\Windows\system32\drivers\dguafhyr.sys [X]
S1 dhedeafk; \??\C:\Windows\system32\drivers\dhedeafk.sys [X]
S1 dhqujiwg; \??\C:\Windows\system32\drivers\dhqujiwg.sys [X]
S1 dmqbcnur; \??\C:\Windows\system32\drivers\dmqbcnur.sys [X]
S1 dnswnbfs; \??\C:\Windows\system32\drivers\dnswnbfs.sys [X]
S1 dpphhcnb; \??\C:\Windows\system32\drivers\dpphhcnb.sys [X]
S1 dtoofjjj; \??\C:\Windows\system32\drivers\dtoofjjj.sys [X]
S1 dtsveazx; \??\C:\Windows\system32\drivers\dtsveazx.sys [X]
S1 dvbjodno; \??\C:\Windows\system32\drivers\dvbjodno.sys [X]
S1 dztiacio; \??\C:\Windows\system32\drivers\dztiacio.sys [X]
S1 ebucuerf; \??\C:\Windows\system32\drivers\ebucuerf.sys [X]
S1 eeuvitml; \??\C:\Windows\system32\drivers\eeuvitml.sys [X]
S1 efmdvuyd; \??\C:\Windows\system32\drivers\efmdvuyd.sys [X]
S1 eogvbkee; \??\C:\Windows\system32\drivers\eogvbkee.sys [X]
S1 eqshkubl; \??\C:\Windows\system32\drivers\eqshkubl.sys [X]
S1 eqskrasb; \??\C:\Windows\system32\drivers\eqskrasb.sys [X]
S1 etggraqt; \??\C:\Windows\system32\drivers\etggraqt.sys [X]
S1 eujljzih; \??\C:\Windows\system32\drivers\eujljzih.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 fdivkhzr; \??\C:\Windows\system32\drivers\fdivkhzr.sys [X]
S1 fedtdqlc; \??\C:\Windows\system32\drivers\fedtdqlc.sys [X]
S1 fflujasd; \??\C:\Windows\system32\drivers\fflujasd.sys [X]
S1 ffvwcshw; \??\C:\Windows\system32\drivers\ffvwcshw.sys [X]
S1 fhbrpgtx; \??\C:\Windows\system32\drivers\fhbrpgtx.sys [X]
S1 fjuvqsfx; \??\C:\Windows\system32\drivers\fjuvqsfx.sys [X]
S1 fkmkpbjp; \??\C:\Windows\system32\drivers\fkmkpbjp.sys [X]
S1 fktllxwo; \??\C:\Windows\system32\drivers\fktllxwo.sys [X]
S1 fnljkgad; \??\C:\Windows\system32\drivers\fnljkgad.sys [X]
S1 fnwfxcor; \??\C:\Windows\system32\drivers\fnwfxcor.sys [X]
S1 focuygna; \??\C:\Windows\system32\drivers\focuygna.sys [X]
S1 fzfwbemf; \??\C:\Windows\system32\drivers\fzfwbemf.sys [X]
S1 gesjafav; \??\C:\Windows\system32\drivers\gesjafav.sys [X]
S1 gjdjzkis; \??\C:\Windows\system32\drivers\gjdjzkis.sys [X]
S1 glpmsnzu; \??\C:\Windows\system32\drivers\glpmsnzu.sys [X]
S1 gmccaejw; \??\C:\Windows\system32\drivers\gmccaejw.sys [X]
S1 gonbawzn; \??\C:\Windows\system32\drivers\gonbawzn.sys [X]
S1 gonxyqed; \??\C:\Windows\system32\drivers\gonxyqed.sys [X]
S1 gosjwoxs; \??\C:\Windows\system32\drivers\gosjwoxs.sys [X]
S1 gozxdsaf; \??\C:\Windows\system32\drivers\gozxdsaf.sys [X]
S1 gyohfbjm; \??\C:\Windows\system32\drivers\gyohfbjm.sys [X]
S1 hanlqkjv; \??\C:\Windows\system32\drivers\hanlqkjv.sys [X]
S1 hdspomsy; \??\C:\Windows\system32\drivers\hdspomsy.sys [X]
S1 hklrfase; \??\C:\Windows\system32\drivers\hklrfase.sys [X]
S1 hksgdcsj; \??\C:\Windows\system32\drivers\hksgdcsj.sys [X]
S1 hmrdjmny; \??\C:\Windows\system32\drivers\hmrdjmny.sys [X]
S1 hqlqhlws; \??\C:\Windows\system32\drivers\hqlqhlws.sys [X]
S1 hrxdhdgp; \??\C:\Windows\system32\drivers\hrxdhdgp.sys [X]
S1 hseqfjin; \??\C:\Windows\system32\drivers\hseqfjin.sys [X]
S1 hsyvbnoi; \??\C:\Windows\system32\drivers\hsyvbnoi.sys [X]
S1 ibjsgpww; \??\C:\Windows\system32\drivers\ibjsgpww.sys [X]
S1 idgjdyke; \??\C:\Windows\system32\drivers\idgjdyke.sys [X]
S1 ifltdjef; \??\C:\Windows\system32\drivers\ifltdjef.sys [X]
S1 iizfoifs; \??\C:\Windows\system32\drivers\iizfoifs.sys [X]
S1 iqnhbdvq; \??\C:\Windows\system32\drivers\iqnhbdvq.sys [X]
S1 isqhwqev; \??\C:\Windows\system32\drivers\isqhwqev.sys [X]
S1 ixhieftk; \??\C:\Windows\system32\drivers\ixhieftk.sys [X]
S1 iyrgsflw; \??\C:\Windows\system32\drivers\iyrgsflw.sys [X]
S1 jaylpvsi; \??\C:\Windows\system32\drivers\jaylpvsi.sys [X]
S1 jcatrztn; \??\C:\Windows\system32\drivers\jcatrztn.sys [X]
S1 jcycgrei; \??\C:\Windows\system32\drivers\jcycgrei.sys [X]
S1 jgrnvpkj; \??\C:\Windows\system32\drivers\jgrnvpkj.sys [X]
S1 jkmusljk; \??\C:\Windows\system32\drivers\jkmusljk.sys [X]
S1 jpxtjkio; \??\C:\Windows\system32\drivers\jpxtjkio.sys [X]
S1 jqmbjpgd; \??\C:\Windows\system32\drivers\jqmbjpgd.sys [X]
S1 jvowifkl; \??\C:\Windows\system32\drivers\jvowifkl.sys [X]
S1 jwlfdfaj; \??\C:\Windows\system32\drivers\jwlfdfaj.sys [X]
S1 jyvadgqo; \??\C:\Windows\system32\drivers\jyvadgqo.sys [X]
S1 jzkappjj; \??\C:\Windows\system32\drivers\jzkappjj.sys [X]
S1 kkusmarh; \??\C:\Windows\system32\drivers\kkusmarh.sys [X]
S1 kmfmgcrn; \??\C:\Windows\system32\drivers\kmfmgcrn.sys [X]
S1 kniizfgl; \??\C:\Windows\system32\drivers\kniizfgl.sys [X]
S1 knxcvmxi; \??\C:\Windows\system32\drivers\knxcvmxi.sys [X]
S1 krcpyszc; \??\C:\Windows\system32\drivers\krcpyszc.sys [X]
S1 kukbgpdc; \??\C:\Windows\system32\drivers\kukbgpdc.sys [X]
S1 kuvgxyzv; \??\C:\Windows\system32\drivers\kuvgxyzv.sys [X]
S1 kxgsltph; \??\C:\Windows\system32\drivers\kxgsltph.sys [X]
S1 kxswxypa; \??\C:\Windows\system32\drivers\kxswxypa.sys [X]
S1 lgdkjibs; \??\C:\Windows\system32\drivers\lgdkjibs.sys [X]
S1 lgoxxidr; \??\C:\Windows\system32\drivers\lgoxxidr.sys [X]
S1 lgoznbng; \??\C:\Windows\system32\drivers\lgoznbng.sys [X]
S1 lissotdr; \??\C:\Windows\system32\drivers\lissotdr.sys [X]
S1 lmsjvtss; \??\C:\Windows\system32\drivers\lmsjvtss.sys [X]
S1 lnfrrpqs; \??\C:\Windows\system32\drivers\lnfrrpqs.sys [X]
S1 lojwzwzg; \??\C:\Windows\system32\drivers\lojwzwzg.sys [X]
S1 lrauwlsf; \??\C:\Windows\system32\drivers\lrauwlsf.sys [X]
S1 lwuacujw; \??\C:\Windows\system32\drivers\lwuacujw.sys [X]
S1 mcipyafi; \??\C:\Windows\system32\drivers\mcipyafi.sys [X]
S1 mgebdlnp; \??\C:\Windows\system32\drivers\mgebdlnp.sys [X]
S1 mgvuvtud; \??\C:\Windows\system32\drivers\mgvuvtud.sys [X]
S1 mithvmoy; \??\C:\Windows\system32\drivers\mithvmoy.sys [X]
S1 mkgbjtno; \??\C:\Windows\system32\drivers\mkgbjtno.sys [X]
S1 mnpfeshh; \??\C:\Windows\system32\drivers\mnpfeshh.sys [X]
S1 mqyurxge; \??\C:\Windows\system32\drivers\mqyurxge.sys [X]
S1 mvaindwh; \??\C:\Windows\system32\drivers\mvaindwh.sys [X]
S1 mvgugvyw; \??\C:\Windows\system32\drivers\mvgugvyw.sys [X]
S1 nbmwntmb; \??\C:\Windows\system32\drivers\nbmwntmb.sys [X]
S1 ncjgergc; \??\C:\Windows\system32\drivers\ncjgergc.sys [X]
S1 njygsjgx; \??\C:\Windows\system32\drivers\njygsjgx.sys [X]
S1 nkwxaqsh; \??\C:\Windows\system32\drivers\nkwxaqsh.sys [X]
S1 nlajornn; \??\C:\Windows\system32\drivers\nlajornn.sys [X]
S1 nlmvzprj; \??\C:\Windows\system32\drivers\nlmvzprj.sys [X]
S1 nnditjuj; \??\C:\Windows\system32\drivers\nnditjuj.sys [X]
S1 nphodbpj; \??\C:\Windows\system32\drivers\nphodbpj.sys [X]
S1 npnpjsfq; \??\C:\Windows\system32\drivers\npnpjsfq.sys [X]
S1 nqcprqgf; \??\C:\Windows\system32\drivers\nqcprqgf.sys [X]
S1 nqpzcgkp; \??\C:\Windows\system32\drivers\nqpzcgkp.sys [X]
S1 nrqvspqv; \??\C:\Windows\system32\drivers\nrqvspqv.sys [X]
S1 nujmgpan; \??\C:\Windows\system32\drivers\nujmgpan.sys [X]
S1 nweboxou; \??\C:\Windows\system32\drivers\nweboxou.sys [X]
S1 oamqjaqo; \??\C:\Windows\system32\drivers\oamqjaqo.sys [X]
S1 oayljxnt; \??\C:\Windows\system32\drivers\oayljxnt.sys [X]
S1 ocpszvfz; \??\C:\Windows\system32\drivers\ocpszvfz.sys [X]
S1 ocynoqna; \??\C:\Windows\system32\drivers\ocynoqna.sys [X]
S1 odbpuncl; \??\C:\Windows\system32\drivers\odbpuncl.sys [X]
S1 odcpznjh; \??\C:\Windows\system32\drivers\odcpznjh.sys [X]
S1 ogeagflw; \??\C:\Windows\system32\drivers\ogeagflw.sys [X]
S1 oglxewka; \??\C:\Windows\system32\drivers\oglxewka.sys [X]
S1 ojxfogsm; \??\C:\Windows\system32\drivers\ojxfogsm.sys [X]
S1 onufiftv; \??\C:\Windows\system32\drivers\onufiftv.sys [X]
S1 oppfjmia; \??\C:\Windows\system32\drivers\oppfjmia.sys [X]
S1 pchzibbq; \??\C:\Windows\system32\drivers\pchzibbq.sys [X]
S1 pgcnnswa; \??\C:\Windows\system32\drivers\pgcnnswa.sys [X]
S1 pglemvrb; \??\C:\Windows\system32\drivers\pglemvrb.sys [X]
S1 przljvff; \??\C:\Windows\system32\drivers\przljvff.sys [X]
S1 psekelod; \??\C:\Windows\system32\drivers\psekelod.sys [X]
S1 pttmsoqb; \??\C:\Windows\system32\drivers\pttmsoqb.sys [X]
S1 pwvcuwxh; \??\C:\Windows\system32\drivers\pwvcuwxh.sys [X]
S1 qcrfsvyd; \??\C:\Windows\system32\drivers\qcrfsvyd.sys [X]
S1 qeesisck; \??\C:\Windows\system32\drivers\qeesisck.sys [X]
S1 qfawyyhi; \??\C:\Windows\system32\drivers\qfawyyhi.sys [X]
S1 qhecmhpr; \??\C:\Windows\system32\drivers\qhecmhpr.sys [X]
S1 qqezhizf; \??\C:\Windows\system32\drivers\qqezhizf.sys [X]
S1 qsxooygb; \??\C:\Windows\system32\drivers\qsxooygb.sys [X]
S1 qsyhhjov; \??\C:\Windows\system32\drivers\qsyhhjov.sys [X]
S1 rbenjmir; \??\C:\Windows\system32\drivers\rbenjmir.sys [X]
S1 rbfrlded; \??\C:\Windows\system32\drivers\rbfrlded.sys [X]
S1 rbmhmwmj; \??\C:\Windows\system32\drivers\rbmhmwmj.sys [X]
S1 rgmdnheu; \??\C:\Windows\system32\drivers\rgmdnheu.sys [X]
S1 rgoudovu; \??\C:\Windows\system32\drivers\rgoudovu.sys [X]
S1 rkhxotsq; \??\C:\Windows\system32\drivers\rkhxotsq.sys [X]
S1 rkxihtdp; \??\C:\Windows\system32\drivers\rkxihtdp.sys [X]
S1 rltcluxo; \??\C:\Windows\system32\drivers\rltcluxo.sys [X]
S1 rpcfkutd; \??\C:\Windows\system32\drivers\rpcfkutd.sys [X]
S1 rquypmpx; \??\C:\Windows\system32\drivers\rquypmpx.sys [X]
S1 rumdpdgc; \??\C:\Windows\system32\drivers\rumdpdgc.sys [X]
S1 rwrlpevz; \??\C:\Windows\system32\drivers\rwrlpevz.sys [X]
S1 sbhpxono; \??\C:\Windows\system32\drivers\sbhpxono.sys [X]
S1 secmkskp; \??\C:\Windows\system32\drivers\secmkskp.sys [X]
S1 sidawwdp; \??\C:\Windows\system32\drivers\sidawwdp.sys [X]
S1 skkhoket; \??\C:\Windows\system32\drivers\skkhoket.sys [X]
S1 slaguawi; \??\C:\Windows\system32\drivers\slaguawi.sys [X]
S1 smdfbjpf; \??\C:\Windows\system32\drivers\smdfbjpf.sys [X]
S1 sphhrkmz; \??\C:\Windows\system32\drivers\sphhrkmz.sys [X]
S1 sqyrtdhp; \??\C:\Windows\system32\drivers\sqyrtdhp.sys [X]
S1 srezayyr; \??\C:\Windows\system32\drivers\srezayyr.sys [X]
S1 stjtcpse; \??\C:\Windows\system32\drivers\stjtcpse.sys [X]
S1 suzyovoj; \??\C:\Windows\system32\drivers\suzyovoj.sys [X]
S1 swxrrftq; \??\C:\Windows\system32\drivers\swxrrftq.sys [X]
S1 taenbpwk; \??\C:\Windows\system32\drivers\taenbpwk.sys [X]
S1 tajoakgu; \??\C:\Windows\system32\drivers\tajoakgu.sys [X]
S1 tdodzrnk; \??\C:\Windows\system32\drivers\tdodzrnk.sys [X]
S1 teqrikus; \??\C:\Windows\system32\drivers\teqrikus.sys [X]
S1 tgdddovj; \??\C:\Windows\system32\drivers\tgdddovj.sys [X]
S1 tjszaaoh; \??\C:\Windows\system32\drivers\tjszaaoh.sys [X]
S1 tmwmhoiu; \??\C:\Windows\system32\drivers\tmwmhoiu.sys [X]
S1 tstjrnww; \??\C:\Windows\system32\drivers\tstjrnww.sys [X]
S1 uantzubc; \??\C:\Windows\system32\drivers\uantzubc.sys [X]
S1 uapcyedy; \??\C:\Windows\system32\drivers\uapcyedy.sys [X]
S1 uciztyre; \??\C:\Windows\system32\drivers\uciztyre.sys [X]
S1 uemmbhgh; \??\C:\Windows\system32\drivers\uemmbhgh.sys [X]
S1 uemudjyl; \??\C:\Windows\system32\drivers\uemudjyl.sys [X]
S1 uhksjhqk; \??\C:\Windows\system32\drivers\uhksjhqk.sys [X]
S1 uhunzpub; \??\C:\Windows\system32\drivers\uhunzpub.sys [X]
S1 uinlqxne; \??\C:\Windows\system32\drivers\uinlqxne.sys [X]
S1 uperrywl; \??\C:\Windows\system32\drivers\uperrywl.sys [X]
S1 usgniqtp; \??\C:\Windows\system32\drivers\usgniqtp.sys [X]
S1 uwbahomr; \??\C:\Windows\system32\drivers\uwbahomr.sys [X]
S1 uwxjrhpg; \??\C:\Windows\system32\drivers\uwxjrhpg.sys [X]
S1 vbmpqcdm; \??\C:\Windows\system32\drivers\vbmpqcdm.sys [X]
S1 veaxmitl; \??\C:\Windows\system32\drivers\veaxmitl.sys [X]
S1 vgmqqyyr; \??\C:\Windows\system32\drivers\vgmqqyyr.sys [X]
S1 vkyckhqn; \??\C:\Windows\system32\drivers\vkyckhqn.sys [X]
S1 vlmlsmev; \??\C:\Windows\system32\drivers\vlmlsmev.sys [X]
S1 vmaxqlis; \??\C:\Windows\system32\drivers\vmaxqlis.sys [X]
S1 vmqjwoew; \??\C:\Windows\system32\drivers\vmqjwoew.sys [X]
S1 vpdhrkbv; \??\C:\Windows\system32\drivers\vpdhrkbv.sys [X]
S1 vwwofkyq; \??\C:\Windows\system32\drivers\vwwofkyq.sys [X]
S1 vytaqkgt; \??\C:\Windows\system32\drivers\vytaqkgt.sys [X]
S1 wojfbykh; \??\C:\Windows\system32\drivers\wojfbykh.sys [X]
S1 wswljzrf; \??\C:\Windows\system32\drivers\wswljzrf.sys [X]
S1 wuottphg; \??\C:\Windows\system32\drivers\wuottphg.sys [X]
S1 wwmefect; \??\C:\Windows\system32\drivers\wwmefect.sys [X]
S1 wwxbpjph; \??\C:\Windows\system32\drivers\wwxbpjph.sys [X]
S1 xgrpfcdf; \??\C:\Windows\system32\drivers\xgrpfcdf.sys [X]
S1 xispvyhv; \??\C:\Windows\system32\drivers\xispvyhv.sys [X]
S1 xllxlmhw; \??\C:\Windows\system32\drivers\xllxlmhw.sys [X]
S1 xnkynvmw; \??\C:\Windows\system32\drivers\xnkynvmw.sys [X]
S1 xnoqyecv; \??\C:\Windows\system32\drivers\xnoqyecv.sys [X]
S1 xoirjymn; \??\C:\Windows\system32\drivers\xoirjymn.sys [X]
S1 xwanafod; \??\C:\Windows\system32\drivers\xwanafod.sys [X]
S1 yddgzeuh; \??\C:\Windows\system32\drivers\yddgzeuh.sys [X]
S1 yemdmwuz; \??\C:\Windows\system32\drivers\yemdmwuz.sys [X]
S1 ynmtjlyd; \??\C:\Windows\system32\drivers\ynmtjlyd.sys [X]
S1 zcydxyxu; \??\C:\Windows\system32\drivers\zcydxyxu.sys [X]
S1 zhzihyzh; \??\C:\Windows\system32\drivers\zhzihyzh.sys [X]
S1 zjhirdnt; \??\C:\Windows\system32\drivers\zjhirdnt.sys [X]
S1 zruarque; \??\C:\Windows\system32\drivers\zruarque.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-31 12:54 - 2016-03-31 12:55 - 00000000 ____D C:\FRST
2016-03-30 18:30 - 2016-03-30 18:30 - 03102208 _____ C:\Users\MAHE\Downloads\adwcleaner_5.107.exe
2016-03-30 18:21 - 2016-03-30 18:21 - 00005678 _____ C:\Windows\system32\.crusader
2016-03-30 18:05 - 2016-03-30 21:42 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-03-30 17:37 - 2016-03-30 17:38 - 11441744 _____ (SurfRight B.V.) C:\Users\MAHE\Downloads\hitmanpro_x64 (3).exe
2016-03-30 17:34 - 2016-03-31 12:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-30 17:33 - 2016-03-30 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-30 17:33 - 2016-03-30 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-30 17:33 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-30 17:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-30 17:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-30 12:44 - 2016-03-30 12:44 - 00098025 _____ C:\ProgramData\1459321972.bdinstall.bin
2016-03-30 12:24 - 2016-03-30 12:24 - 00058687 _____ C:\ProgramData\1459320863.bdinstall.bin
2016-03-30 12:24 - 2016-03-30 12:24 - 00037670 _____ C:\ProgramData\1459320855.bdinstall.bin
2016-03-30 12:23 - 2016-03-30 12:25 - 22851472 _____ (Malwarebytes ) C:\Users\MAHE\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-29 21:46 - 2016-03-29 21:46 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\MAHE\Downloads\redhammer264.exe
2016-03-29 21:46 - 2016-03-29 21:46 - 00103166 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_21.46.14_log.txt
2016-03-29 21:16 - 2016-03-29 21:46 - 00201630 _____ C:\Windows\ntbtlog.txt
2016-03-29 20:46 - 2016-03-29 20:46 - 00559944 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-29 20:43 - 2016-03-29 20:43 - 00001476 _____ C:\Users\MAHE\Desktop\JRT.txt
2016-03-29 20:38 - 2016-03-29 20:38 - 01610352 _____ (Malwarebytes) C:\Users\MAHE\Downloads\JRT.exe
2016-03-29 20:23 - 2016-03-29 20:23 - 05659241 _____ (Swearware) C:\Users\MAHE\Downloads\poopsicle2.exe
2016-03-29 20:20 - 2016-03-29 20:20 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\MAHE\Downloads\rkill64-19922.exe
2016-03-29 20:07 - 2016-03-29 20:07 - 03102208 _____ C:\Users\MAHE\Downloads\AdwCleaner.exe
2016-03-29 19:51 - 2016-03-29 19:52 - 05659241 _____ (Swearware) C:\Users\MAHE\Downloads\ComboFix (1).exe
2016-03-29 19:48 - 2016-03-29 19:53 - 00257206 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_19.48.25_log.txt
2016-03-29 19:47 - 2016-03-29 19:48 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\MAHE\Downloads\tdsskiller.exe
2016-03-29 19:44 - 2016-03-29 21:46 - 00002178 _____ C:\Users\MAHE\Desktop\Rkill.txt
2016-03-29 19:44 - 2016-03-29 19:44 - 05659241 _____ (Swearware) C:\Users\MAHE\Downloads\poopsicle.exe
2016-03-29 19:44 - 2016-03-29 19:44 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\MAHE\Downloads\rkill64.exe
2016-03-29 19:43 - 2016-03-29 19:43 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\MAHE\Downloads\redhammer2.exe
2016-03-29 19:19 - 2016-03-29 19:19 - 02870984 _____ (ESET) C:\Users\MAHE\Downloads\esetsmartinstaller_enu.exe
2016-03-29 18:45 - 2016-03-29 18:45 - 00772016 _____ (Reimage®) C:\Users\MAHE\Downloads\ReimageRepair.exe
2016-03-29 18:04 - 2016-03-29 18:04 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-03-29 18:04 - 2016-03-29 18:04 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-03-29 18:03 - 2016-03-29 18:03 - 00700584 _____ C:\Users\MAHE\Downloads\Adware_Removal_Tool_by_TSA.exe
2016-03-29 13:44 - 2016-03-29 13:44 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-29 13:39 - 2016-03-29 13:40 - 16242632 _____ (Rockstar Games) C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup (1).exe
2016-03-29 12:31 - 2016-03-29 12:31 - 00000574 _____ C:\Users\MAHE\Desktop\L.A.Noire.lnk
2016-03-29 12:31 - 2016-03-29 12:31 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\L.A.Noire
2016-03-29 10:05 - 2016-03-29 10:05 - 00058250 _____ C:\Users\MAHE\Downloads\the-heartbreak-kid-english-yify-26152.zip
2016-03-29 10:05 - 2013-02-14 19:02 - 00154466 ____N C:\Users\MAHE\Downloads\The.Heartbreak.Kid.2007.1080p.BluRay.x264-CiRCLE USB renc.srt
2016-03-28 20:17 - 2016-03-28 20:17 - 00000000 ____D C:\Users\MAHE\AppData\Local\SKIDROW
2016-03-28 20:12 - 2016-03-28 20:12 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\MAHE\Downloads\SpyHunter-Installer.exe
2016-03-28 12:56 - 2016-03-28 12:56 - 02302509 _____ C:\Users\MAHE\Downloads\files.zip
2016-03-28 12:54 - 2016-03-28 18:07 - 00000000 ____D C:\Users\MAHE\Desktop\AXN Cards
2016-03-28 09:25 - 2013-12-27 18:46 - 00117400 ____N C:\Users\MAHE\Downloads\kiss-kiss-bang-bang-yify-english.srt
2016-03-28 09:24 - 2016-03-28 09:24 - 00046266 _____ C:\Users\MAHE\Downloads\kiss-kiss-bang-bang-english-yify-3865.zip
2016-03-28 09:24 - 2016-03-28 09:24 - 00046266 _____ C:\Users\MAHE\Downloads\kiss-kiss-bang-bang-english-yify-3865 (1).zip
2016-03-27 20:55 - 2016-03-27 20:55 - 00000810 _____ C:\Users\MAHE\Desktop\Sins of a Solar Empire - Rebellion.lnk
2016-03-27 20:55 - 2016-03-27 20:55 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Sins of a Solar Empire - Rebellion
2016-03-27 20:44 - 2016-03-27 20:44 - 01732703 _____ C:\Users\MAHE\Downloads\EMILauncher1.6 (1).zip
2016-03-27 20:37 - 2016-03-27 20:37 - 01732703 _____ C:\Users\MAHE\Downloads\EMILauncher1.6.zip
2016-03-27 19:43 - 2016-03-27 19:43 - 01315331 _____ (Flawless Widescreen ) C:\Users\MAHE\Downloads\fws_setup_x64 (1).exe
2016-03-27 19:43 - 2016-03-27 19:43 - 00001157 _____ C:\Users\Public\Desktop\Flawless Widescreen.lnk
2016-03-27 19:43 - 2016-03-27 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
2016-03-27 19:16 - 2016-03-27 19:16 - 01375577 _____ C:\Users\MAHE\Downloads\fdx-sk13.rar
2016-03-27 19:07 - 2016-03-27 19:07 - 00306225 _____ C:\Users\MAHE\Downloads\uniws.zip
2016-03-27 18:22 - 2016-03-27 18:24 - 23238358 _____ C:\Users\MAHE\Downloads\fc-kotor.7z
2016-03-27 18:13 - 2016-03-27 18:13 - 00001254 _____ C:\Users\MAHE\Downloads\KOTR_13d.zip
2016-03-27 18:08 - 2016-03-27 18:08 - 00001848 _____ C:\Users\MIT\Desktop\Star Wars Knights of the Old Republic.lnk
2016-03-27 18:08 - 2016-03-27 18:08 - 00001848 _____ C:\Users\HP\Desktop\Star Wars Knights of the Old Republic.lnk
2016-03-27 18:08 - 2016-03-27 18:08 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2016-03-27 09:46 - 2016-03-27 09:46 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2016-03-26 21:43 - 2016-03-30 18:31 - 00000000 ____D C:\AdwCleaner
2016-03-26 21:43 - 2016-03-26 21:43 - 01530368 _____ C:\Users\MAHE\Downloads\adwcleaner_5.105.exe
2016-03-26 18:00 - 2016-03-26 18:00 - 00043538 _____ C:\Users\MAHE\Downloads\[kat.cr]monkey.island.collection.windows.7.ready.eqa5cro (1).torrent
2016-03-26 17:59 - 2016-03-27 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2016-03-26 05:16 - 2016-03-26 19:47 - 00000000 ____D C:\Users\MAHE\AppData\Local\VirtualStore
2016-03-26 05:15 - 2016-03-26 05:15 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-26 00:18 - 2016-03-26 00:18 - 00000000 ____D C:\Users\HP\AppData\Roaming\Hewlett-Packard
2016-03-26 00:15 - 2016-03-26 00:15 - 00000000 ____D C:\Users\HP\Documents\Autodesk Application Manager
2016-03-26 00:15 - 2016-03-26 00:15 - 00000000 ____D C:\Users\HP\AppData\Roaming\Intel Corporation
2016-03-26 00:15 - 2016-03-26 00:15 - 00000000 ____D C:\Users\HP\AppData\Roaming\Autodesk
2016-03-26 00:15 - 2016-03-26 00:15 - 00000000 ____D C:\Users\HP\AppData\Local\Autodesk
2016-03-26 00:14 - 2016-03-26 00:14 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2514194259-2666533998-2452640257-1009
2016-03-25 14:20 - 2016-03-25 14:20 - 00100651 _____ C:\Users\MAHE\Downloads\[kat.cr]star.wars.knights.of.the.old.republic.2003.pc.multi2 (1).torrent
2016-03-25 14:18 - 2016-03-25 14:18 - 00100651 _____ C:\Users\MAHE\Downloads\[kat.cr]star.wars.knights.of.the.old.republic.2003.pc.multi2.torrent
2016-03-25 11:40 - 2016-03-25 11:40 - 00043538 _____ C:\Users\MAHE\Downloads\[kat.cr]monkey.island.collection.windows.7.ready.eqa5cro.torrent
2016-03-25 11:32 - 2016-03-25 11:32 - 00706944 _____ C:\Users\MAHE\Downloads\Unconfirmed 309367.crdownload
2016-03-25 10:52 - 2016-03-25 10:54 - 16242632 _____ (Rockstar Games) C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup.exe
2016-03-25 09:13 - 2016-03-25 09:21 - 00000313 _____ C:\Users\MAHE\Desktop\PassportApp.txt
2016-03-25 08:58 - 2016-03-25 08:58 - 00795584 _____ C:\Users\MAHE\Downloads\PassportApplicationForm_Main_English_V3.0.zip
2016-03-24 19:20 - 2016-03-24 19:20 - 00145168 _____ C:\Users\MAHE\Downloads\Copy of SRT vs AAR (002).xlsx
2016-03-24 19:14 - 2016-03-24 19:14 - 00104958 _____ C:\Users\MAHE\Downloads\SRT vs AAR.XLSX
2016-03-24 19:11 - 2016-03-26 16:59 - 00000000 ____D C:\Users\MAHE\Desktop\Papa
2016-03-24 12:50 - 2016-03-24 12:50 - 00016132 _____ C:\Users\MAHE\Downloads\Dances with Wolves (1990) [720p] [YTS.AG].torrent
2016-03-24 09:25 - 2016-03-24 09:25 - 00025121 _____ C:\Users\MAHE\Downloads\The Hateful Eight (2015) [720p] [YTS.AG].torrent
2016-03-23 18:09 - 2016-03-31 11:11 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 18:09 - 2016-03-31 11:11 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 17:34 - 2016-03-23 17:34 - 00987728 _____ (Google Inc.) C:\Users\MAHE\Desktop\ChromeSetup.exe
2016-03-22 07:38 - 2016-03-23 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-14 23:28 - 2016-03-14 23:28 - 00000666 _____ C:\Users\MAHE\Desktop\Crusader Kings II.lnk
2016-03-14 23:27 - 2016-03-29 10:27 - 00000000 ____D C:\Users\MAHE\Documents\Paradox Interactive
2016-03-14 11:01 - 2016-03-14 11:01 - 00000000 ____D C:\ProgramData\bdch
2016-03-14 06:28 - 2016-03-14 06:28 - 00000000 ____D C:\Users\MAHE\Desktop\Mass Effect 3 International Language Pack
2016-03-14 04:11 - 2016-03-14 04:11 - 00000000 ____D C:\Users\MAHE\Documents\BioWare
2016-03-14 01:47 - 2016-03-31 12:55 - 00000000 ____D C:\Users\MAHE\Desktop\Antivirus
2016-03-14 01:29 - 2016-03-14 01:29 - 00000000 ____D C:\Users\MAHE\AppData\Local\Chromium
2016-03-14 01:24 - 2016-03-20 03:16 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-14 00:17 - 2016-03-25 10:43 - 00000885 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-14 00:17 - 2016-03-14 00:19 - 00000000 ____D C:\Program Files\CCleaner
2016-03-14 00:17 - 2016-03-14 00:17 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-13 23:48 - 2016-03-13 23:49 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\QuickScan
2016-03-13 21:10 - 2016-03-13 21:16 - 56463768 _____ (Rockstar Games) C:\Users\MAHE\Downloads\Social Club Latest Setup (1).exe
2016-03-13 21:01 - 2016-03-13 21:02 - 11441744 _____ (SurfRight B.V.) C:\Users\MAHE\Downloads\hitmanpro_x64 (2).exe
2016-03-13 20:36 - 2016-03-13 20:40 - 48750920 _____ C:\Users\MAHE\Downloads\BDPUARLauncher.exe
2016-03-13 20:32 - 2016-03-13 20:33 - 11441744 _____ (SurfRight B.V.) C:\Users\MAHE\Downloads\hitmanpro_x64 (1).exe
2016-03-13 20:21 - 2016-03-13 20:24 - 22908888 _____ (Malwarebytes ) C:\Users\MAHE\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-13 20:18 - 2016-03-13 20:18 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\MCorp
2016-03-13 20:13 - 2016-03-29 19:11 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-03-13 20:13 - 2016-03-13 20:13 - 00000000 ____D C:\Users\MAHE\AppData\Local\UCBrowser
2016-03-13 19:57 - 2016-03-01 02:20 - 00089840 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
2016-03-13 19:55 - 2016-03-13 19:55 - 00003340 _____ C:\Windows\System32\Tasks\Fanri
2016-03-13 19:54 - 2016-03-13 19:54 - 00000000 ____D C:\uninst
2016-03-13 08:47 - 2016-03-13 08:48 - 10221164 _____ C:\Users\MAHE\Downloads\Unconfirmed 674312.crdownload
2016-03-13 08:36 - 2016-03-13 08:36 - 00000000 ____D C:\Users\MAHE\Downloads\Torrentex
2016-03-13 08:35 - 2016-03-13 08:35 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\MAHE\Downloads\libeay32.dll
2016-03-13 08:35 - 2016-03-13 08:35 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\MAHE\Downloads\ssleay32.dll
2016-03-13 07:58 - 2016-03-13 07:58 - 00998060 _____ C:\Users\MAHE\Downloads\la.noire.social.club.offline.crack.zip
2016-03-13 07:58 - 2016-03-13 07:58 - 00998060 _____ C:\Users\MAHE\Downloads\la.noire.social.club.offline.crack (1).zip
2016-03-13 07:54 - 2016-03-13 08:01 - 56463768 _____ (Rockstar Games) C:\Users\MAHE\Downloads\Social Club Latest Setup.exe
2016-03-13 07:51 - 2016-03-13 07:52 - 00657666 _____ C:\Users\MAHE\Downloads\socialclub.zip
2016-03-13 07:43 - 2016-03-29 13:38 - 00000000 ____D C:\Users\MAHE\Documents\Rockstar Games
2016-03-13 07:43 - 2016-03-29 13:38 - 00000000 ____D C:\ProgramData\RELOADED
2016-03-13 05:37 - 2016-03-13 05:37 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\PowerISO
2016-03-13 05:36 - 2016-03-13 05:36 - 00000688 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-03-13 05:36 - 2016-03-13 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-03-13 05:35 - 2016-03-13 08:11 - 00000000 ____D C:\Users\MAHE\Desktop\PowerISO
2016-03-13 05:35 - 2016-02-10 18:51 - 00137280 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-03-13 05:34 - 2016-03-13 05:34 - 02916016 _____ (Power Software Ltd) C:\Users\MAHE\Downloads\PowerISO6-cnet.exe
2016-03-12 10:36 - 2016-03-12 10:36 - 00000000 ____D C:\Users\MAHE\Documents\Eidos
2016-03-12 10:35 - 2016-03-12 10:35 - 00000000 ____D C:\Users\MAHE\Documents\defaultengine.ini
2016-03-12 09:58 - 2016-03-12 09:58 - 00045951 _____ C:\Users\MAHE\Downloads\nvtt.zip
2016-03-12 09:55 - 2016-03-12 09:55 - 00055624 _____ C:\Users\MAHE\Downloads\steam_api.zip
2016-03-12 09:53 - 2016-03-12 09:51 - 00061805 _____ C:\Windows\system32\defaultengine.ini
2016-03-12 09:51 - 2016-03-12 09:51 - 00061805 _____ C:\Users\MAHE\Downloads\defaultengine.ini
2016-03-12 09:37 - 2016-03-12 09:38 - 08780754 _____ C:\Users\MAHE\Downloads\xlive (1).zip
2016-03-12 08:56 - 2016-03-12 08:56 - 03878112 _____ (Husdawg, LLC) C:\Users\MAHE\Downloads\Detection.exe
2016-03-09 16:02 - 2016-02-06 16:18 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 16:02 - 2016-02-06 15:54 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 16:01 - 2016-02-06 15:31 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 16:01 - 2016-02-06 15:13 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 16:01 - 2016-02-06 15:02 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 16:01 - 2016-02-06 14:46 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 16:01 - 2016-02-06 14:39 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 16:01 - 2016-02-06 14:24 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-05 13:47 - 2016-03-30 17:58 - 00000000 ____D C:\Users\MAHE\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-31 12:55 - 2014-08-27 23:01 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Skype
2016-03-31 12:47 - 2014-08-19 16:49 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2514194259-2666533998-2452640257-1001
2016-03-31 12:46 - 2014-08-16 13:16 - 00000572 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2016-03-31 12:41 - 2014-08-25 17:40 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-31 12:41 - 2014-07-31 10:11 - 00000000 ____D C:\Users\MAHE
2016-03-31 11:06 - 2014-08-25 17:40 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-31 09:42 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-31 00:25 - 2015-05-03 04:51 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\vlc
2016-03-30 23:17 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2016-03-30 23:05 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2016-03-30 21:50 - 2015-08-07 11:42 - 02664960 ___SH C:\Users\MAHE\Desktop\Thumbs.db
2016-03-30 21:37 - 2014-12-13 02:52 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\uTorrent
2016-03-30 20:07 - 2016-02-02 12:04 - 00003551 _____ C:\Users\MAHE\Desktop\axn accounts.txt
2016-03-30 12:41 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2016-03-30 12:35 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-03-30 12:32 - 2015-12-09 14:55 - 00000000 ____D C:\Users\MAHE\AppData\Local\PowerChallenge
2016-03-30 12:32 - 2014-08-25 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-30 12:22 - 2015-11-23 01:06 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-29 19:11 - 2015-11-20 01:55 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2016-03-29 19:11 - 2015-08-14 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2016-03-29 19:11 - 2015-06-14 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 2
2016-03-29 19:11 - 2015-06-01 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 1
2016-03-29 19:11 - 2015-03-29 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum  - CarlesNeo !
2016-03-29 19:11 - 2015-02-09 21:32 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borderlands 2
2016-03-29 19:11 - 2015-02-08 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Absolution
2016-03-29 19:11 - 2015-02-02 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancys Ghost Recon Future Soldier
2016-03-29 19:11 - 2015-02-01 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deadpool
2016-03-29 19:11 - 2014-12-21 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
2016-03-29 19:11 - 2014-10-25 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap
2016-03-29 19:11 - 2014-10-25 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 - English
2016-03-29 19:11 - 2014-10-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-03-29 19:11 - 2014-09-16 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-29 19:11 - 2014-09-14 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condition Zero
2016-03-29 19:11 - 2014-09-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2016-03-29 19:04 - 2016-01-22 19:17 - 00003150 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMAHE
2016-03-29 19:04 - 2016-01-22 19:17 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForMAHE.job
2016-03-28 21:05 - 2013-09-30 09:44 - 00005598 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-28 20:17 - 2015-12-09 13:41 - 00000000 ____D C:\Users\MAHE\Documents\My Games
2016-03-28 18:17 - 2014-08-25 17:40 - 00000000 ____D C:\Users\MAHE\AppData\Local\Google
2016-03-28 01:37 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2016-03-27 22:30 - 2014-07-31 10:12 - 00000000 ____D C:\Users\MAHE\AppData\Local\Packages
2016-03-27 17:50 - 2014-07-31 09:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-27 13:31 - 2015-08-06 00:06 - 00615424 ___SH C:\Users\MAHE\Downloads\Thumbs.db
2016-03-26 13:20 - 2014-11-09 04:30 - 00000000 _____ C:\Recovery.txt
2016-03-26 00:18 - 2014-08-26 12:05 - 00000000 ____D C:\Users\HP
2016-03-25 22:27 - 2015-12-09 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-23 18:06 - 2014-08-25 17:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-18 23:46 - 2014-08-26 12:03 - 00000000 ____D C:\Users\MIT
2016-03-18 19:52 - 2014-08-29 19:03 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2016-03-15 20:51 - 2014-07-31 09:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-15 20:45 - 2013-08-22 18:55 - 00000167 _____ C:\Windows\win.ini
2016-03-14 23:30 - 2015-02-02 10:42 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-03-14 11:15 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2016-03-14 01:35 - 2016-02-27 20:39 - 00000679 _____ C:\Users\MAHE\Desktop\Play Football Manager 2016.lnk
2016-03-14 01:35 - 2015-07-05 15:35 - 00000679 _____ C:\Users\MAHE\Desktop\Play Football Manager 2015.lnk
2016-03-14 01:35 - 2015-02-11 01:12 - 00000634 _____ C:\Users\MAHE\Desktop\Play Civilization V.lnk
2016-03-14 00:27 - 2014-09-23 00:42 - 00000000 ____D C:\Windows\Minidump
2016-03-14 00:27 - 2014-07-31 10:05 - 00000000 ____D C:\Windows\Panther
2016-03-14 00:27 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\ModemLogs
2016-03-13 20:17 - 2015-12-09 16:02 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-13 20:16 - 2015-12-09 16:02 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-13 20:16 - 2015-10-09 16:06 - 00001204 _____ C:\Users\MAHE\Desktop\Left 4 Dead 2 launcher.lnk
2016-03-13 20:16 - 2014-07-31 10:12 - 00001446 _____ C:\Users\MAHE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 12:53 - 2014-07-31 11:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 19:42 - 2014-08-27 23:01 - 00000000 ____D C:\ProgramData\Skype
2016-03-11 19:31 - 2013-09-30 09:24 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-11 19:31 - 2013-08-22 21:06 - 00000000 ___RD C:\Windows\ToastData
2016-03-09 16:14 - 2014-07-31 15:38 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 16:07 - 2014-07-31 15:38 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-06 16:06 - 2014-09-13 23:06 - 00000688 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-06 16:03 - 2014-07-31 10:40 - 00000000 ____D C:\Users\MAHE\AppData\Roaming\hpqLog
2016-03-04 12:28 - 2016-02-06 00:24 - 00003396 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-03-04 12:28 - 2016-02-06 00:24 - 00003270 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-03-04 12:28 - 2016-02-06 00:24 - 00000000 ____D C:\Program Files (x86)\Gyazo
 
==================== Files in the root of some directories =======
 
2015-11-20 02:43 - 2015-11-22 00:43 - 0000100 _____ () C:\Users\MAHE\AppData\Roaming\WB.CFG
2016-02-10 00:10 - 2016-02-10 00:10 - 0008896 _____ () C:\Users\MAHE\AppData\Local\recently-used.xbel
2016-03-30 12:24 - 2016-03-30 12:24 - 0037670 _____ () C:\ProgramData\1459320855.bdinstall.bin
2016-03-30 12:24 - 2016-03-30 12:24 - 0058687 _____ () C:\ProgramData\1459320863.bdinstall.bin
2016-03-30 12:44 - 2016-03-30 12:44 - 0098025 _____ () C:\ProgramData\1459321972.bdinstall.bin
2014-10-25 12:42 - 2014-10-25 12:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\MAHE\AppData\Local\Temp\ReimagePackage.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-30 22:15
 
==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 March 2016 - 09:19 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-2514194259-2666533998-2452640257-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Extension: (Popup Blocker Pro) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-29]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S2 dnwnload; C:\Users\MAHE\AppData\Local\Lasantouch.exe peoductoow dnwnload [X]
S2 RalinkRegistryWriter; "C:\Program Files (x86)\OSTotoHotspot\RaRegistry.exe" [X]
S1 abysfdmq; \??\C:\Windows\system32\drivers\abysfdmq.sys [X]
S1 acucpysa; \??\C:\Windows\system32\drivers\acucpysa.sys [X]
S1 akrhsihz; \??\C:\Windows\system32\drivers\akrhsihz.sys [X]
S1 apgmglsd; \??\C:\Windows\system32\drivers\apgmglsd.sys [X]
S1 aqrfxcla; \??\C:\Windows\system32\drivers\aqrfxcla.sys [X]
S1 aresfktl; \??\C:\Windows\system32\drivers\aresfktl.sys [X]
S1 arrhiapp; \??\C:\Windows\system32\drivers\arrhiapp.sys [X]
S1 axvscytk; \??\C:\Windows\system32\drivers\axvscytk.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 bgczaues; \??\C:\Windows\system32\drivers\bgczaues.sys [X]
S1 bhkzxuru; \??\C:\Windows\system32\drivers\bhkzxuru.sys [X]
S1 bohqgiec; \??\C:\Windows\system32\drivers\bohqgiec.sys [X]
S1 buycfxxk; \??\C:\Windows\system32\drivers\buycfxxk.sys [X]
S1 bvsajiqd; \??\C:\Windows\system32\drivers\bvsajiqd.sys [X]
S1 bwcebrsf; \??\C:\Windows\system32\drivers\bwcebrsf.sys [X]
S1 bwyafpou; \??\C:\Windows\system32\drivers\bwyafpou.sys [X]
S1 bxzdyjxq; \??\C:\Windows\system32\drivers\bxzdyjxq.sys [X]
S1 ckwkzuiq; \??\C:\Windows\system32\drivers\ckwkzuiq.sys [X]
S1 cndcddds; \??\C:\Windows\system32\drivers\cndcddds.sys [X]
S1 crdydhhw; \??\C:\Windows\system32\drivers\crdydhhw.sys [X]
S1 cwjlrtam; \??\C:\Windows\system32\drivers\cwjlrtam.sys [X]
S1 cwvioeic; \??\C:\Windows\system32\drivers\cwvioeic.sys [X]
S1 cybiouxi; \??\C:\Windows\system32\drivers\cybiouxi.sys [X]
S1 cztekqyt; \??\C:\Windows\system32\drivers\cztekqyt.sys [X]
S1 dguafhyr; \??\C:\Windows\system32\drivers\dguafhyr.sys [X]
S1 dhedeafk; \??\C:\Windows\system32\drivers\dhedeafk.sys [X]
S1 dhqujiwg; \??\C:\Windows\system32\drivers\dhqujiwg.sys [X]
S1 dmqbcnur; \??\C:\Windows\system32\drivers\dmqbcnur.sys [X]
S1 dnswnbfs; \??\C:\Windows\system32\drivers\dnswnbfs.sys [X]
S1 dpphhcnb; \??\C:\Windows\system32\drivers\dpphhcnb.sys [X]
S1 dtoofjjj; \??\C:\Windows\system32\drivers\dtoofjjj.sys [X]
S1 dtsveazx; \??\C:\Windows\system32\drivers\dtsveazx.sys [X]
S1 dvbjodno; \??\C:\Windows\system32\drivers\dvbjodno.sys [X]
S1 dztiacio; \??\C:\Windows\system32\drivers\dztiacio.sys [X]
S1 ebucuerf; \??\C:\Windows\system32\drivers\ebucuerf.sys [X]
S1 eeuvitml; \??\C:\Windows\system32\drivers\eeuvitml.sys [X]
S1 efmdvuyd; \??\C:\Windows\system32\drivers\efmdvuyd.sys [X]
S1 eogvbkee; \??\C:\Windows\system32\drivers\eogvbkee.sys [X]
S1 eqshkubl; \??\C:\Windows\system32\drivers\eqshkubl.sys [X]
S1 eqskrasb; \??\C:\Windows\system32\drivers\eqskrasb.sys [X]
S1 etggraqt; \??\C:\Windows\system32\drivers\etggraqt.sys [X]
S1 eujljzih; \??\C:\Windows\system32\drivers\eujljzih.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 fdivkhzr; \??\C:\Windows\system32\drivers\fdivkhzr.sys [X]
S1 fedtdqlc; \??\C:\Windows\system32\drivers\fedtdqlc.sys [X]
S1 fflujasd; \??\C:\Windows\system32\drivers\fflujasd.sys [X]
S1 ffvwcshw; \??\C:\Windows\system32\drivers\ffvwcshw.sys [X]
S1 fhbrpgtx; \??\C:\Windows\system32\drivers\fhbrpgtx.sys [X]
S1 fjuvqsfx; \??\C:\Windows\system32\drivers\fjuvqsfx.sys [X]
S1 fkmkpbjp; \??\C:\Windows\system32\drivers\fkmkpbjp.sys [X]
S1 fktllxwo; \??\C:\Windows\system32\drivers\fktllxwo.sys [X]
S1 fnljkgad; \??\C:\Windows\system32\drivers\fnljkgad.sys [X]
S1 fnwfxcor; \??\C:\Windows\system32\drivers\fnwfxcor.sys [X]
S1 focuygna; \??\C:\Windows\system32\drivers\focuygna.sys [X]
S1 fzfwbemf; \??\C:\Windows\system32\drivers\fzfwbemf.sys [X]
S1 gesjafav; \??\C:\Windows\system32\drivers\gesjafav.sys [X]
S1 gjdjzkis; \??\C:\Windows\system32\drivers\gjdjzkis.sys [X]
S1 glpmsnzu; \??\C:\Windows\system32\drivers\glpmsnzu.sys [X]
S1 gmccaejw; \??\C:\Windows\system32\drivers\gmccaejw.sys [X]
S1 gonbawzn; \??\C:\Windows\system32\drivers\gonbawzn.sys [X]
S1 gonxyqed; \??\C:\Windows\system32\drivers\gonxyqed.sys [X]
S1 gosjwoxs; \??\C:\Windows\system32\drivers\gosjwoxs.sys [X]
S1 gozxdsaf; \??\C:\Windows\system32\drivers\gozxdsaf.sys [X]
S1 gyohfbjm; \??\C:\Windows\system32\drivers\gyohfbjm.sys [X]
S1 hanlqkjv; \??\C:\Windows\system32\drivers\hanlqkjv.sys [X]
S1 hdspomsy; \??\C:\Windows\system32\drivers\hdspomsy.sys [X]
S1 hklrfase; \??\C:\Windows\system32\drivers\hklrfase.sys [X]
S1 hksgdcsj; \??\C:\Windows\system32\drivers\hksgdcsj.sys [X]
S1 hmrdjmny; \??\C:\Windows\system32\drivers\hmrdjmny.sys [X]
S1 hqlqhlws; \??\C:\Windows\system32\drivers\hqlqhlws.sys [X]
S1 hrxdhdgp; \??\C:\Windows\system32\drivers\hrxdhdgp.sys [X]
S1 hseqfjin; \??\C:\Windows\system32\drivers\hseqfjin.sys [X]
S1 hsyvbnoi; \??\C:\Windows\system32\drivers\hsyvbnoi.sys [X]
S1 ibjsgpww; \??\C:\Windows\system32\drivers\ibjsgpww.sys [X]
S1 idgjdyke; \??\C:\Windows\system32\drivers\idgjdyke.sys [X]
S1 ifltdjef; \??\C:\Windows\system32\drivers\ifltdjef.sys [X]
S1 iizfoifs; \??\C:\Windows\system32\drivers\iizfoifs.sys [X]
S1 iqnhbdvq; \??\C:\Windows\system32\drivers\iqnhbdvq.sys [X]
S1 isqhwqev; \??\C:\Windows\system32\drivers\isqhwqev.sys [X]
S1 ixhieftk; \??\C:\Windows\system32\drivers\ixhieftk.sys [X]
S1 iyrgsflw; \??\C:\Windows\system32\drivers\iyrgsflw.sys [X]
S1 jaylpvsi; \??\C:\Windows\system32\drivers\jaylpvsi.sys [X]
S1 jcatrztn; \??\C:\Windows\system32\drivers\jcatrztn.sys [X]
S1 jcycgrei; \??\C:\Windows\system32\drivers\jcycgrei.sys [X]
S1 jgrnvpkj; \??\C:\Windows\system32\drivers\jgrnvpkj.sys [X]
S1 jkmusljk; \??\C:\Windows\system32\drivers\jkmusljk.sys [X]
S1 jpxtjkio; \??\C:\Windows\system32\drivers\jpxtjkio.sys [X]
S1 jqmbjpgd; \??\C:\Windows\system32\drivers\jqmbjpgd.sys [X]
S1 jvowifkl; \??\C:\Windows\system32\drivers\jvowifkl.sys [X]
S1 jwlfdfaj; \??\C:\Windows\system32\drivers\jwlfdfaj.sys [X]
S1 jyvadgqo; \??\C:\Windows\system32\drivers\jyvadgqo.sys [X]
S1 jzkappjj; \??\C:\Windows\system32\drivers\jzkappjj.sys [X]
S1 kkusmarh; \??\C:\Windows\system32\drivers\kkusmarh.sys [X]
S1 kmfmgcrn; \??\C:\Windows\system32\drivers\kmfmgcrn.sys [X]
S1 kniizfgl; \??\C:\Windows\system32\drivers\kniizfgl.sys [X]
S1 knxcvmxi; \??\C:\Windows\system32\drivers\knxcvmxi.sys [X]
S1 krcpyszc; \??\C:\Windows\system32\drivers\krcpyszc.sys [X]
S1 kukbgpdc; \??\C:\Windows\system32\drivers\kukbgpdc.sys [X]
S1 kuvgxyzv; \??\C:\Windows\system32\drivers\kuvgxyzv.sys [X]
S1 kxgsltph; \??\C:\Windows\system32\drivers\kxgsltph.sys [X]
S1 kxswxypa; \??\C:\Windows\system32\drivers\kxswxypa.sys [X]
S1 lgdkjibs; \??\C:\Windows\system32\drivers\lgdkjibs.sys [X]
S1 lgoxxidr; \??\C:\Windows\system32\drivers\lgoxxidr.sys [X]
S1 lgoznbng; \??\C:\Windows\system32\drivers\lgoznbng.sys [X]
S1 lissotdr; \??\C:\Windows\system32\drivers\lissotdr.sys [X]
S1 lmsjvtss; \??\C:\Windows\system32\drivers\lmsjvtss.sys [X]
S1 lnfrrpqs; \??\C:\Windows\system32\drivers\lnfrrpqs.sys [X]
S1 lojwzwzg; \??\C:\Windows\system32\drivers\lojwzwzg.sys [X]
S1 lrauwlsf; \??\C:\Windows\system32\drivers\lrauwlsf.sys [X]
S1 lwuacujw; \??\C:\Windows\system32\drivers\lwuacujw.sys [X]
S1 mcipyafi; \??\C:\Windows\system32\drivers\mcipyafi.sys [X]
S1 mgebdlnp; \??\C:\Windows\system32\drivers\mgebdlnp.sys [X]
S1 mgvuvtud; \??\C:\Windows\system32\drivers\mgvuvtud.sys [X]
S1 mithvmoy; \??\C:\Windows\system32\drivers\mithvmoy.sys [X]
S1 mkgbjtno; \??\C:\Windows\system32\drivers\mkgbjtno.sys [X]
S1 mnpfeshh; \??\C:\Windows\system32\drivers\mnpfeshh.sys [X]
S1 mqyurxge; \??\C:\Windows\system32\drivers\mqyurxge.sys [X]
S1 mvaindwh; \??\C:\Windows\system32\drivers\mvaindwh.sys [X]
S1 mvgugvyw; \??\C:\Windows\system32\drivers\mvgugvyw.sys [X]
S1 nbmwntmb; \??\C:\Windows\system32\drivers\nbmwntmb.sys [X]
S1 ncjgergc; \??\C:\Windows\system32\drivers\ncjgergc.sys [X]
S1 njygsjgx; \??\C:\Windows\system32\drivers\njygsjgx.sys [X]
S1 nkwxaqsh; \??\C:\Windows\system32\drivers\nkwxaqsh.sys [X]
S1 nlajornn; \??\C:\Windows\system32\drivers\nlajornn.sys [X]
S1 nlmvzprj; \??\C:\Windows\system32\drivers\nlmvzprj.sys [X]
S1 nnditjuj; \??\C:\Windows\system32\drivers\nnditjuj.sys [X]
S1 nphodbpj; \??\C:\Windows\system32\drivers\nphodbpj.sys [X]
S1 npnpjsfq; \??\C:\Windows\system32\drivers\npnpjsfq.sys [X]
S1 nqcprqgf; \??\C:\Windows\system32\drivers\nqcprqgf.sys [X]
S1 nqpzcgkp; \??\C:\Windows\system32\drivers\nqpzcgkp.sys [X]
S1 nrqvspqv; \??\C:\Windows\system32\drivers\nrqvspqv.sys [X]
S1 nujmgpan; \??\C:\Windows\system32\drivers\nujmgpan.sys [X]
S1 nweboxou; \??\C:\Windows\system32\drivers\nweboxou.sys [X]
S1 oamqjaqo; \??\C:\Windows\system32\drivers\oamqjaqo.sys [X]
S1 oayljxnt; \??\C:\Windows\system32\drivers\oayljxnt.sys [X]
S1 ocpszvfz; \??\C:\Windows\system32\drivers\ocpszvfz.sys [X]
S1 ocynoqna; \??\C:\Windows\system32\drivers\ocynoqna.sys [X]
S1 odbpuncl; \??\C:\Windows\system32\drivers\odbpuncl.sys [X]
S1 odcpznjh; \??\C:\Windows\system32\drivers\odcpznjh.sys [X]
S1 ogeagflw; \??\C:\Windows\system32\drivers\ogeagflw.sys [X]
S1 oglxewka; \??\C:\Windows\system32\drivers\oglxewka.sys [X]
S1 ojxfogsm; \??\C:\Windows\system32\drivers\ojxfogsm.sys [X]
S1 onufiftv; \??\C:\Windows\system32\drivers\onufiftv.sys [X]
S1 oppfjmia; \??\C:\Windows\system32\drivers\oppfjmia.sys [X]
S1 pchzibbq; \??\C:\Windows\system32\drivers\pchzibbq.sys [X]
S1 pgcnnswa; \??\C:\Windows\system32\drivers\pgcnnswa.sys [X]
S1 pglemvrb; \??\C:\Windows\system32\drivers\pglemvrb.sys [X]
S1 przljvff; \??\C:\Windows\system32\drivers\przljvff.sys [X]
S1 psekelod; \??\C:\Windows\system32\drivers\psekelod.sys [X]
S1 pttmsoqb; \??\C:\Windows\system32\drivers\pttmsoqb.sys [X]
S1 pwvcuwxh; \??\C:\Windows\system32\drivers\pwvcuwxh.sys [X]
S1 qcrfsvyd; \??\C:\Windows\system32\drivers\qcrfsvyd.sys [X]
S1 qeesisck; \??\C:\Windows\system32\drivers\qeesisck.sys [X]
S1 qfawyyhi; \??\C:\Windows\system32\drivers\qfawyyhi.sys [X]
S1 qhecmhpr; \??\C:\Windows\system32\drivers\qhecmhpr.sys [X]
S1 qqezhizf; \??\C:\Windows\system32\drivers\qqezhizf.sys [X]
S1 qsxooygb; \??\C:\Windows\system32\drivers\qsxooygb.sys [X]
S1 qsyhhjov; \??\C:\Windows\system32\drivers\qsyhhjov.sys [X]
S1 rbenjmir; \??\C:\Windows\system32\drivers\rbenjmir.sys [X]
S1 rbfrlded; \??\C:\Windows\system32\drivers\rbfrlded.sys [X]
S1 rbmhmwmj; \??\C:\Windows\system32\drivers\rbmhmwmj.sys [X]
S1 rgmdnheu; \??\C:\Windows\system32\drivers\rgmdnheu.sys [X]
S1 rgoudovu; \??\C:\Windows\system32\drivers\rgoudovu.sys [X]
S1 rkhxotsq; \??\C:\Windows\system32\drivers\rkhxotsq.sys [X]
S1 rkxihtdp; \??\C:\Windows\system32\drivers\rkxihtdp.sys [X]
S1 rltcluxo; \??\C:\Windows\system32\drivers\rltcluxo.sys [X]
S1 rpcfkutd; \??\C:\Windows\system32\drivers\rpcfkutd.sys [X]
S1 rquypmpx; \??\C:\Windows\system32\drivers\rquypmpx.sys [X]
S1 rumdpdgc; \??\C:\Windows\system32\drivers\rumdpdgc.sys [X]
S1 rwrlpevz; \??\C:\Windows\system32\drivers\rwrlpevz.sys [X]
S1 sbhpxono; \??\C:\Windows\system32\drivers\sbhpxono.sys [X]
S1 secmkskp; \??\C:\Windows\system32\drivers\secmkskp.sys [X]
S1 sidawwdp; \??\C:\Windows\system32\drivers\sidawwdp.sys [X]
S1 skkhoket; \??\C:\Windows\system32\drivers\skkhoket.sys [X]
S1 slaguawi; \??\C:\Windows\system32\drivers\slaguawi.sys [X]
S1 smdfbjpf; \??\C:\Windows\system32\drivers\smdfbjpf.sys [X]
S1 sphhrkmz; \??\C:\Windows\system32\drivers\sphhrkmz.sys [X]
S1 sqyrtdhp; \??\C:\Windows\system32\drivers\sqyrtdhp.sys [X]
S1 srezayyr; \??\C:\Windows\system32\drivers\srezayyr.sys [X]
S1 stjtcpse; \??\C:\Windows\system32\drivers\stjtcpse.sys [X]
S1 suzyovoj; \??\C:\Windows\system32\drivers\suzyovoj.sys [X]
S1 swxrrftq; \??\C:\Windows\system32\drivers\swxrrftq.sys [X]
S1 taenbpwk; \??\C:\Windows\system32\drivers\taenbpwk.sys [X]
S1 tajoakgu; \??\C:\Windows\system32\drivers\tajoakgu.sys [X]
S1 tdodzrnk; \??\C:\Windows\system32\drivers\tdodzrnk.sys [X]
S1 teqrikus; \??\C:\Windows\system32\drivers\teqrikus.sys [X]
S1 tgdddovj; \??\C:\Windows\system32\drivers\tgdddovj.sys [X]
S1 tjszaaoh; \??\C:\Windows\system32\drivers\tjszaaoh.sys [X]
S1 tmwmhoiu; \??\C:\Windows\system32\drivers\tmwmhoiu.sys [X]
S1 tstjrnww; \??\C:\Windows\system32\drivers\tstjrnww.sys [X]
S1 uantzubc; \??\C:\Windows\system32\drivers\uantzubc.sys [X]
S1 uapcyedy; \??\C:\Windows\system32\drivers\uapcyedy.sys [X]
S1 uciztyre; \??\C:\Windows\system32\drivers\uciztyre.sys [X]
S1 uemmbhgh; \??\C:\Windows\system32\drivers\uemmbhgh.sys [X]
S1 uemudjyl; \??\C:\Windows\system32\drivers\uemudjyl.sys [X]
S1 uhksjhqk; \??\C:\Windows\system32\drivers\uhksjhqk.sys [X]
S1 uhunzpub; \??\C:\Windows\system32\drivers\uhunzpub.sys [X]
S1 uinlqxne; \??\C:\Windows\system32\drivers\uinlqxne.sys [X]
S1 uperrywl; \??\C:\Windows\system32\drivers\uperrywl.sys [X]
S1 usgniqtp; \??\C:\Windows\system32\drivers\usgniqtp.sys [X]
S1 uwbahomr; \??\C:\Windows\system32\drivers\uwbahomr.sys [X]
S1 uwxjrhpg; \??\C:\Windows\system32\drivers\uwxjrhpg.sys [X]
S1 vbmpqcdm; \??\C:\Windows\system32\drivers\vbmpqcdm.sys [X]
S1 veaxmitl; \??\C:\Windows\system32\drivers\veaxmitl.sys [X]
S1 vgmqqyyr; \??\C:\Windows\system32\drivers\vgmqqyyr.sys [X]
S1 vkyckhqn; \??\C:\Windows\system32\drivers\vkyckhqn.sys [X]
S1 vlmlsmev; \??\C:\Windows\system32\drivers\vlmlsmev.sys [X]
S1 vmaxqlis; \??\C:\Windows\system32\drivers\vmaxqlis.sys [X]
S1 vmqjwoew; \??\C:\Windows\system32\drivers\vmqjwoew.sys [X]
S1 vpdhrkbv; \??\C:\Windows\system32\drivers\vpdhrkbv.sys [X]
S1 vwwofkyq; \??\C:\Windows\system32\drivers\vwwofkyq.sys [X]
S1 vytaqkgt; \??\C:\Windows\system32\drivers\vytaqkgt.sys [X]
S1 wojfbykh; \??\C:\Windows\system32\drivers\wojfbykh.sys [X]
S1 wswljzrf; \??\C:\Windows\system32\drivers\wswljzrf.sys [X]
S1 wuottphg; \??\C:\Windows\system32\drivers\wuottphg.sys [X]
S1 wwmefect; \??\C:\Windows\system32\drivers\wwmefect.sys [X]
S1 wwxbpjph; \??\C:\Windows\system32\drivers\wwxbpjph.sys [X]
S1 xgrpfcdf; \??\C:\Windows\system32\drivers\xgrpfcdf.sys [X]
S1 xispvyhv; \??\C:\Windows\system32\drivers\xispvyhv.sys [X]
S1 xllxlmhw; \??\C:\Windows\system32\drivers\xllxlmhw.sys [X]
S1 xnkynvmw; \??\C:\Windows\system32\drivers\xnkynvmw.sys [X]
S1 xnoqyecv; \??\C:\Windows\system32\drivers\xnoqyecv.sys [X]
S1 xoirjymn; \??\C:\Windows\system32\drivers\xoirjymn.sys [X]
S1 xwanafod; \??\C:\Windows\system32\drivers\xwanafod.sys [X]
S1 yddgzeuh; \??\C:\Windows\system32\drivers\yddgzeuh.sys [X]
S1 yemdmwuz; \??\C:\Windows\system32\drivers\yemdmwuz.sys [X]
S1 ynmtjlyd; \??\C:\Windows\system32\drivers\ynmtjlyd.sys [X]
S1 zcydxyxu; \??\C:\Windows\system32\drivers\zcydxyxu.sys [X]
S1 zhzihyzh; \??\C:\Windows\system32\drivers\zhzihyzh.sys [X]
S1 zjhirdnt; \??\C:\Windows\system32\drivers\zjhirdnt.sys [X]
S1 zruarque; \??\C:\Windows\system32\drivers\zruarque.sys [X]
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
Task: {9B232F11-3237-46DC-AFB1-123FD85FBA5D} - System32\Tasks\Fanri => C:\PROGRA~1\SHOPPE~1\Ykilsomn.bat
C:\PROGRA~1\SHOPPE~1
C:\Program Files (x86)\Popcorn Time
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\MAHE\AppData\Local\Temp\ReimagePackage.exe
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\Users\MAHE\Application Data:NT [40]
AlternateDataStreams: C:\Users\MAHE\Application Data:NT2 [322]
AlternateDataStreams: C:\Users\MAHE\Desktop\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Adware_Removal_Tool_by_TSA.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\adwcleaner_5.105.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\ComboFix (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\esetsmartinstaller_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\fws_setup_x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\poopsicle.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\poopsicle2.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\redhammer2.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\ReimageRepair.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\SpyHunter-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\MAHE\AppData\Roaming:NT2 [322]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
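A defender's triage script for the kind of FRST service section that fills the fixlist above, added here as an example (it is not part of the thread and not code from the Farbar tool). It parses the `S1 name; path [X]` style lines, flags the burst of random eight-letter boot-start drivers whose binaries are missing, and separately flags services that are unsigned or run from user-writable paths; the sample lines are copied from the fixlist above plus one constructed benign entry for contrast.

```python
"""Triage of FRST-style service and driver lines (added example; not from the thread
or from the Farbar tool). Sample lines below are copied from the fixlist in this
thread, plus one constructed benign driver entry for contrast."""
import re
from collections import Counter
from dataclasses import dataclass

# FRST service/driver line: R (running) or S (stopped) plus the start-type digit,
# the service name, ';', then the image path followed by size/date/vendor/status markers.
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
# Shape of the throwaway driver names in the log: exactly eight lowercase letters.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')
# Path fragments a service binary normally has no business living under.
USER_WRITABLE = ('\\appdata\\', '\\users\\', '\\programdata\\', '\\temp\\')


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    reasons: tuple


def parse_service(line):
    """Split one FRST service line into state, name and the rest; None if not a service line."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(line):
    """Return a Finding for a suspicious service line, or None if nothing stands out."""
    svc = parse_service(line)
    if svc is None:
        return None
    name = svc['name'].strip()
    rest = svc['rest']
    # The image path (plus any arguments) is everything before the first ' [' marker.
    path = rest.split(' [', 1)[0].strip().strip('"')
    if path.startswith('\\??\\'):          # NT object-manager prefix used by driver entries
        path = path[4:]
    reasons = []
    if rest.rstrip().endswith('[X]'):      # FRST marks a registered-but-missing binary with [X]
        reasons.append('binary missing')
    if svc['state'] == 'S1' and RANDOM_NAME_RE.match(name):
        reasons.append('random-looking boot-start driver name')
    if '[File not signed]' in rest:
        reasons.append('unsigned')
    if any(frag in path.lower() for frag in USER_WRITABLE):
        reasons.append('runs from user-writable location')
    return Finding(name, path, tuple(reasons)) if reasons else None


def triage(lines):
    """Assess every line; count reasons and measure the random-driver burst."""
    findings = [f for f in (assess(l) for l in lines) if f is not None]
    reason_counts = Counter(r for f in findings for r in f.reasons)
    burst = sum(1 for f in findings if 'random-looking boot-start driver name' in f.reasons)
    return {'findings': findings, 'reason_counts': reason_counts, 'random_driver_burst': burst}


# Sample input: lines from the thread's fixlist, plus one constructed benign entry.
SAMPLE_LINES = [
    r'R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]',
    r'S2 dnwnload; C:\Users\MAHE\AppData\Local\Lasantouch.exe peoductoow dnwnload [X]',
    r'S2 RalinkRegistryWriter; "C:\Program Files (x86)\OSTotoHotspot\RaRegistry.exe" [X]',
    r'S1 abysfdmq; \??\C:\Windows\system32\drivers\abysfdmq.sys [X]',
    r'S1 acucpysa; \??\C:\Windows\system32\drivers\acucpysa.sys [X]',
    r'S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]',
    r'S1 zruarque; \??\C:\Windows\system32\drivers\zruarque.sys [X]',
    r'S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]',
    # Constructed benign line in FRST's format, not from the thread.
    r'R3 BasicDisplay; C:\Windows\system32\DRIVERS\BasicDisplay.sys [66560 2015-07-10] (Microsoft Corporation)',
]

if __name__ == '__main__':
    result = triage(SAMPLE_LINES)
    for f in result['findings']:
        print(f'{f.name:22} {", ".join(f.reasons)}')
    print('random boot-start drivers with missing binaries:', result['random_driver_burst'])
```

Run against a full FRST.txt, a count of dozens of such entries in one scan is the signal to look for; a single stale `[X]` entry is usually just an uninstall leftover.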

#5 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts
  • Local time: 04:44 AM

Posted 31 March 2016 - 02:38 PM

Yes, the ad is still there.

And it's just this one in particular. Before I performed the actions you just recommended, I used to get a popup which followed this:

https://gyazo.com/db06972c3182a6195b5b120994ace86b

Which would take up half of my screen, and then direct me to another website. Now it doesn't do any directing of any kind, just makes me close the boxes down.

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by MAHE (2016-04-01 00:30:36) Run:1
Running from C:\Users\MAHE\Desktop\Antivirus
Loaded Profiles: MAHE (Available Profiles: MAHE & HP & MIT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-2514194259-2666533998-2452640257-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Extension: (Popup Blocker Pro) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-29]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S2 dnwnload; C:\Users\MAHE\AppData\Local\Lasantouch.exe peoductoow dnwnload [X]
S2 RalinkRegistryWriter; "C:\Program Files (x86)\OSTotoHotspot\RaRegistry.exe" [X]
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
Task: {9B232F11-3237-46DC-AFB1-123FD85FBA5D} - System32\Tasks\Fanri => C:\PROGRA~1\SHOPPE~1\Ykilsomn.bat
C:\PROGRA~1\SHOPPE~1
C:\Program Files (x86)\Popcorn Time
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\MAHE\AppData\Local\Temp\ReimagePackage.exe
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\Users\MAHE\Application Data:NT [40]
AlternateDataStreams: C:\Users\MAHE\Application Data:NT2 [322]
AlternateDataStreams: C:\Users\MAHE\Desktop\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Adware_Removal_Tool_by_TSA.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\adwcleaner_5.105.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\ComboFix (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\esetsmartinstaller_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\fws_setup_x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\poopsicle.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\poopsicle2.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\redhammer2.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\ReimageRepair.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\SpyHunter-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\MAHE\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\MAHE\AppData\Roaming:NT2 [322]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Popcorn Time\Updater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2514194259-2666533998-2452640257-1001\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai => moved successfully
C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Update service => service removed successfully
dnwnload => service removed successfully
RalinkRegistryWriter => service removed successfully
abysfdmq => service removed successfully
acucpysa => service removed successfully
akrhsihz => service removed successfully
apgmglsd => service removed successfully
aqrfxcla => service removed successfully
aresfktl => service removed successfully
arrhiapp => service removed successfully
axvscytk => service removed successfully
BAPIDRV => service removed successfully
bgczaues => service removed successfully
bhkzxuru => service removed successfully
bohqgiec => service removed successfully
buycfxxk => service removed successfully
bvsajiqd => service removed successfully
bwcebrsf => service removed successfully
bwyafpou => service removed successfully
bxzdyjxq => service removed successfully
ckwkzuiq => service removed successfully
cndcddds => service removed successfully
crdydhhw => service removed successfully
cwjlrtam => service removed successfully
cwvioeic => service removed successfully
cybiouxi => service removed successfully
cztekqyt => service removed successfully
dguafhyr => service removed successfully
dhedeafk => service removed successfully
dhqujiwg => service removed successfully
dmqbcnur => service removed successfully
dnswnbfs => service removed successfully
dpphhcnb => service removed successfully
dtoofjjj => service removed successfully
dtsveazx => service removed successfully
dvbjodno => service removed successfully
dztiacio => service removed successfully
ebucuerf => service removed successfully
eeuvitml => service removed successfully
efmdvuyd => service removed successfully
eogvbkee => service removed successfully
eqshkubl => service removed successfully
eqskrasb => service removed successfully
etggraqt => service removed successfully
eujljzih => service removed successfully
FairplayKD => service removed successfully
fdivkhzr => service removed successfully
fedtdqlc => service removed successfully
fflujasd => service removed successfully
ffvwcshw => service removed successfully
fhbrpgtx => service removed successfully
fjuvqsfx => service removed successfully
fkmkpbjp => service removed successfully
fktllxwo => service removed successfully
fnljkgad => service removed successfully
fnwfxcor => service removed successfully
focuygna => service removed successfully
fzfwbemf => service removed successfully
gesjafav => service removed successfully
gjdjzkis => service removed successfully
glpmsnzu => service removed successfully
gmccaejw => service removed successfully
gonbawzn => service removed successfully
gonxyqed => service removed successfully
gosjwoxs => service removed successfully
gozxdsaf => service removed successfully
gyohfbjm => service removed successfully
hanlqkjv => service removed successfully
hdspomsy => service removed successfully
hklrfase => service removed successfully
hksgdcsj => service removed successfully
hmrdjmny => service removed successfully
hqlqhlws => service removed successfully
hrxdhdgp => service removed successfully
hseqfjin => service removed successfully
hsyvbnoi => service removed successfully
ibjsgpww => service removed successfully
idgjdyke => service removed successfully
ifltdjef => service removed successfully
iizfoifs => service removed successfully
iqnhbdvq => service removed successfully
isqhwqev => service removed successfully
ixhieftk => service removed successfully
iyrgsflw => service removed successfully
jaylpvsi => service removed successfully
jcatrztn => service removed successfully
jcycgrei => service removed successfully
jgrnvpkj => service removed successfully
jkmusljk => service removed successfully
jpxtjkio => service removed successfully
jqmbjpgd => service removed successfully
jvowifkl => service removed successfully
jwlfdfaj => service removed successfully
jyvadgqo => service removed successfully
jzkappjj => service removed successfully
kkusmarh => service removed successfully
kmfmgcrn => service removed successfully
kniizfgl => service removed successfully
knxcvmxi => service removed successfully
krcpyszc => service removed successfully
kukbgpdc => service removed successfully
kuvgxyzv => service removed successfully
kxgsltph => service removed successfully
kxswxypa => service removed successfully
lgdkjibs => service removed successfully
lgoxxidr => service removed successfully
lgoznbng => service removed successfully
lissotdr => service removed successfully
lmsjvtss => service removed successfully
lnfrrpqs => service removed successfully
lojwzwzg => service removed successfully
lrauwlsf => service removed successfully
lwuacujw => service removed successfully
mcipyafi => service removed successfully
mgebdlnp => service removed successfully
mgvuvtud => service removed successfully
mithvmoy => service removed successfully
mkgbjtno => service removed successfully
mnpfeshh => service removed successfully
mqyurxge => service removed successfully
mvaindwh => service removed successfully
mvgugvyw => service removed successfully
nbmwntmb => service removed successfully
ncjgergc => service removed successfully
njygsjgx => service removed successfully
nkwxaqsh => service removed successfully
nlajornn => service removed successfully
nlmvzprj => service removed successfully
nnditjuj => service removed successfully
nphodbpj => service removed successfully
npnpjsfq => service removed successfully
nqcprqgf => service removed successfully
nqpzcgkp => service removed successfully
nrqvspqv => service removed successfully
nujmgpan => service removed successfully
nweboxou => service removed successfully
oamqjaqo => service removed successfully
oayljxnt => service removed successfully
ocpszvfz => service removed successfully
ocynoqna => service removed successfully
odbpuncl => service removed successfully
odcpznjh => service removed successfully
ogeagflw => service removed successfully
oglxewka => service removed successfully
ojxfogsm => service removed successfully
onufiftv => service removed successfully
oppfjmia => service removed successfully
pchzibbq => service removed successfully
pgcnnswa => service removed successfully
pglemvrb => service removed successfully
przljvff => service removed successfully
psekelod => service removed successfully
pttmsoqb => service removed successfully
pwvcuwxh => service removed successfully
qcrfsvyd => service removed successfully
qeesisck => service removed successfully
qfawyyhi => service removed successfully
qhecmhpr => service removed successfully
qqezhizf => service removed successfully
qsxooygb => service removed successfully
qsyhhjov => service removed successfully
rbenjmir => service removed successfully
rbfrlded => service removed successfully
rbmhmwmj => service removed successfully
rgmdnheu => service removed successfully
rgoudovu => service removed successfully
rkhxotsq => service removed successfully
rkxihtdp => service removed successfully
rltcluxo => service removed successfully
rpcfkutd => service removed successfully
rquypmpx => service removed successfully
rumdpdgc => service removed successfully
rwrlpevz => service removed successfully
sbhpxono => service removed successfully
secmkskp => service removed successfully
sidawwdp => service removed successfully
skkhoket => service removed successfully
slaguawi => service removed successfully
smdfbjpf => service removed successfully
sphhrkmz => service removed successfully
sqyrtdhp => service removed successfully
srezayyr => service removed successfully
stjtcpse => service removed successfully
suzyovoj => service removed successfully
swxrrftq => service removed successfully
taenbpwk => service removed successfully
tajoakgu => service removed successfully
tdodzrnk => service removed successfully
teqrikus => service removed successfully
tgdddovj => service removed successfully
tjszaaoh => service removed successfully
tmwmhoiu => service removed successfully
tstjrnww => service removed successfully
uantzubc => service removed successfully
uapcyedy => service removed successfully
uciztyre => service removed successfully
uemmbhgh => service removed successfully
uemudjyl => service removed successfully
uhksjhqk => service removed successfully
uhunzpub => service removed successfully
uinlqxne => service removed successfully
uperrywl => service removed successfully
usgniqtp => service removed successfully
uwbahomr => service removed successfully
uwxjrhpg => service removed successfully
vbmpqcdm => service removed successfully
veaxmitl => service removed successfully
vgmqqyyr => service removed successfully
vkyckhqn => service removed successfully
vlmlsmev => service removed successfully
vmaxqlis => service removed successfully
vmqjwoew => service removed successfully
vpdhrkbv => service removed successfully
vwwofkyq => service removed successfully
vytaqkgt => service removed successfully
wojfbykh => service removed successfully
wswljzrf => service removed successfully
wuottphg => service removed successfully
wwmefect => service removed successfully
wwxbpjph => service removed successfully
xgrpfcdf => service removed successfully
xispvyhv => service removed successfully
xllxlmhw => service removed successfully
xnkynvmw => service removed successfully
xnoqyecv => service removed successfully
xoirjymn => service removed successfully
xwanafod => service removed successfully
yddgzeuh => service removed successfully
yemdmwuz => service removed successfully
ynmtjlyd => service removed successfully
zcydxyxu => service removed successfully
zhzihyzh => service removed successfully
zjhirdnt => service removed successfully
zruarque => service removed successfully
"HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}" => key removed successfully
"HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}" => key removed successfully
"HKU\S-1-5-21-2514194259-2666533998-2452640257-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B232F11-3237-46DC-AFB1-123FD85FBA5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B232F11-3237-46DC-AFB1-123FD85FBA5D}" => key removed successfully
C:\Windows\System32\Tasks\Fanri => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fanri" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
C:\Program Files (x86)\Popcorn Time => moved successfully
"C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai" => not found.
"C:\Users\MAHE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Users\MAHE\AppData\Local\Temp\ReimagePackage.exe => moved successfully
C:\ProgramData => ":NT" ADS removed successfully.
C:\ProgramData => ":NT2" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\Users\All Users" => ":NT2" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT2" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\ProgramData\MTA San Andreas All => ":NT2" ADS removed successfully.
"C:\Users\MAHE\Application Data" => ":NT" ADS not found.
"C:\Users\MAHE\Application Data" => ":NT2" ADS not found.
C:\Users\MAHE\Desktop\ChromeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\Adware_Removal_Tool_by_TSA.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\AdwCleaner.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\adwcleaner_5.105.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\ComboFix (1).exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\esetsmartinstaller_enu.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\fws_setup_x64 (1).exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\mbam-setup-2.2.1.1043.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\poopsicle.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\poopsicle2.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\redhammer2.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\ReimageRepair.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup (1).exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\Social Club v1.1.0.1 Setup.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\SpyHunter-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\Downloads\tdsskiller.exe => ":BDU" ADS removed successfully.
C:\Users\MAHE\AppData\Roaming => ":NT" ADS removed successfully.
C:\Users\MAHE\AppData\Roaming => ":NT2" ADS removed successfully.
EmptyTemp: => 343.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:32:47 ====
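The fixlog above shows the three persistence patterns worth recognising in any FRST log: hundreds of services with random eight-letter names whose driver file no longer exists (the trailing [X]), a scheduled task that runs a .bat from an 8.3 short path, and alternate data streams holding data on system folders. The following Python triage helper is an added example, neither FRST's own code nor anything posted in this thread; its sample lines are copied from the fixlog above plus one constructed benign driver line, and the heuristics it applies are this example's own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; it is not FRST's code nor anything the
helper posted. Sample lines are copied from the fixlog above, plus one
constructed benign driver line; the heuristics are this example's own.
"""
import re
from dataclasses import dataclass

# First two lines, the Task line and the two ADS lines come from the fixlog
# above; the "S3 ACPI" line is constructed to show a normal driver entry.
SAMPLE_LOG = r"""
S1 slaguawi; \??\C:\Windows\system32\drivers\slaguawi.sys [X]
S1 zruarque; \??\C:\Windows\system32\drivers\zruarque.sys [X]
S3 ACPI; C:\Windows\System32\drivers\ACPI.sys [123456 2013-08-22] (Microsoft Corporation)
Task: {9B232F11-3237-46DC-AFB1-123FD85FBA5D} - System32\Tasks\Fanri => C:\PROGRA~1\SHOPPE~1\Ykilsomn.bat
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\MAHE\Downloads\JRT.exe:BDU [0]
"""

# Service/driver line: "<start type> <name>; <image path> [X]"; a trailing
# "[X]" means FRST found no file at that path.
SERVICE_RE = re.compile(
    r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.*?)(?P<missing>\s\[X\])?\s*$"
)
TASK_RE = re.compile(
    r"^Task:\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<task>\S+)\s+=>\s+(?P<cmd>.+?)\s*$"
)
# Path may itself contain "C:"; the stream name is whatever follows the last colon.
ADS_RE = re.compile(
    r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\[\]]+)\s+\[(?P<size>\d+)\]\s*$"
)

# Heuristics used by this example (not FRST rules).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")          # slaguawi, zruarque, ...
SHORT_PATH_RE = re.compile(r"~\d")                   # 8.3 names: PROGRA~1\SHOPPE~1
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js|ps1)(\s|$)", re.I)
BENIGN_STREAMS = {"Zone.Identifier"}                 # mark-of-the-web on downloads


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    kind: str       # orphan-driver, missing-file, random-name, suspicious-task, ads
    subject: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return findings for the lines of an FRST log, highest severity first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            name, missing = m["name"].strip(), bool(m["missing"])
            random_name = bool(RANDOM_NAME_RE.match(name))
            if random_name and missing:
                findings.append(Finding("high", "orphan-driver", name,
                                        "random 8-letter service name and no file on disk"))
            elif missing:
                findings.append(Finding("medium", "missing-file", name,
                                        "service registered but its file is gone"))
            elif random_name:   # legitimate drivers can match too, so only medium
                findings.append(Finding("medium", "random-name", name,
                                        "random-looking name; verify the vendor"))
        elif m := TASK_RE.match(line):
            reasons = []
            if SCRIPT_RE.search(m["cmd"]):
                reasons.append("runs a script file")
            if SHORT_PATH_RE.search(m["cmd"]):
                reasons.append("8.3 short path hides the real folder name")
            if reasons:
                findings.append(Finding("high", "suspicious-task", m["task"], "; ".join(reasons)))
        elif m := ADS_RE.match(line):
            stream, size = m["stream"], int(m["size"])
            if stream in BENIGN_STREAMS:
                continue
            target = f"{m['path']}:{stream}"
            if size > 0:
                findings.append(Finding("high", "ads", target, f"hidden stream holding {size} bytes"))
            else:
                findings.append(Finding("medium", "ads", target,
                                        "zero-length stream; check which tool created it"))
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: order[f.severity])   # stable sort keeps log order


def summarize(findings: list[Finding], mass_threshold: int = 10) -> dict:
    """Count findings; many orphan drivers at once (hundreds in the fixlog
    above) is a stronger signal than any single entry."""
    orphans = sum(1 for f in findings if f.kind == "orphan-driver")
    return {
        "high": sum(1 for f in findings if f.severity == "high"),
        "medium": sum(1 for f in findings if f.severity == "medium"),
        "orphan_drivers": orphans,
        "mass_registered": orphans >= mass_threshold,
    }


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.subject} ({f.reason})")
    print(summarize(results))
```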


#6 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 01 April 2016 - 05:16 AM

Update: Back to square one. Ignore this: "Which would take up half of my screen, and then direct me to another website. Now it doesn't do any directing of any kind, just makes me close the boxes down."



#7 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 April 2016 - 07:34 AM

There could be some remnant items that I do not see.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take a while; run it when you know you will not need the computer for an hour or two.
<<<>>>

p.s.
If you right-click on the blank popup, can you get any meaningful information from it?
When do you get this popup?

#8 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 01 April 2016 - 12:24 PM

I'll post the scan results when they're done...might take a bit of time, indeed.

 

As for your questions, these are the popups:

 

https://gyazo.com/567816a8a78413204c966b2aa191d3b8

https://gyazo.com/11731a766a473171c5a80899e4eea996

 

It's the same one, with variations in text here and there.

 

When I right click on the text in the ad,

 

If I click on open link in new tab, nothing happens.

When I copy link address, I get links like these:

http://t1459526660.lokvel.ru/1blcndg18x13432wyp1o0qzx4wt8wj0wv1hcytqd16wc3rwumn43jm0?if=&s=fr%3Dadtop%26r%3D0.41435178625397384

http://t1459526504.lokvel.ru/10aghx8ok10ph09zr2a4148wxo8mdu1a4quqp2it0u1biodb7z3bg94?if=&s=fr%3Dadtop%26r%3D0.13520379434339702

 

Surprisingly, I don't get these popups when I use my forum on forumotions, youtube, and a few other sites. It's there everywhere else. In the past couple of days, another pop up would open just as soon as I saw it. As I had stated before, it took up half my screen, gave me a 30 second timer, but usually just directed me to another website. Just weird stuff, basically just adware.



#9 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 April 2016 - 12:54 PM



Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists in Chrome, continue.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

#10 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 01 April 2016 - 01:50 PM

I think it's fixed! I've poked around the internet and can see no ads. I was running the ESET scan, but FRST closed that window. I had noticed 6 threats, and the scan was at 23% after a couple of hours. I'll run the scan once again, and leave it to run. Once it's finished, I shall post the results here just to be safe. I really appreciate your help, Nas.

 

This is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by MAHE (2016-04-01 23:52:19) Run:2
Running from C:\Users\MAHE\Desktop\Antivirus
Loaded Profiles: MAHE (Available Profiles: MAHE & HP & MIT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CloseProcesses:
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Processes closed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::9998:825:e3fc:4225%13
   Default Gateway . . . . . . . . . : fe80::ed2:b5ff:fe22:29ac%13
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::9998:825:e3fc:4225%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::ed2:b5ff:fe22:29ac%13
                                       192.168.1.1
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 23:52:46 ====


#11 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 02 April 2016 - 07:49 AM

The ads are back. 

 

And here are the results of ESET scan:

 

C:\Users\MAHE\AppData\Local\Camera Comp\zBin\evfy.dll a variant of MSIL/Toolbar.CrossRider.A potentially unwanted application
C:\Users\MAHE\AppData\Roaming\uTorrent\updates\3.4.2_37122.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\MAHE\Downloads\BitTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\MAHE\Downloads\Game-of-Thrones-Telltale-Game-Episode-1-Downloader.rar a variant of MSIL/FakeTool.AEW trojan
C:\Users\MAHE\Downloads\ijl15.dll.zip a variant of Win32/SmartTweak.A potentially unwanted application
C:\Users\MAHE\Downloads\uTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\DmC - Devil May Cry\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
D:\Football Manager 2015 PC full game ^^nosTEAM^^\FM-2015-nosTEAM.exe Win32/HackTool.Crack.CX potentially unsafe application
D:\Left 4 Dead 2 - V2.0.1.1 (Patched For Online Gameplay) PROPER .Full-Rip. [blaze69]\Left 4 Dead 2\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application
F:\Age Of Empires 2 & The Conquerors Expansion - Full Game\Age2_x1\AoE2Wide\Process.exe Win32/PrcView potentially unsafe application
F:\Civilization V\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application
F:\Crusader Kings II\steam_api.dll Win32/HackTool.Crack.DW potentially unsafe application
F:\Europa Universalis IV - v1.8 + 31 DLCs [RezMar]\EU IV - Update - 1.8 - 1.8.1 Hotfix [RezMar]\EU IV - Update - 1.8 - 1.8.1 Hotfix [RezMar].rar a variant of Win32/Packed.VMProtect.ABD trojan
F:\L.A.Noire\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application


#12 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2016 - 08:45 AM

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

#13 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 02 April 2016 - 09:21 AM

Looks like they're gone again. Think they'll stay gone?

 

Here's the log:

 

 

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : MAHE [Administrator]
Started from : C:\Users\MAHE\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/02/2016 19:44:36
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> ERROR [2]
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Opera scheduled Autoupdate 1447964896 -- C:\Users\MAHE\AppData\Local\Programs\Opera\launcher.exe (--scheduledautoupdate) -> Deleted
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE} -> Deleted
[PUP][File] C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\0x0409.ini -> Deleted
[PUP][File] C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}\HP Support Assistant.msi -> Deleted
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 7dc791c1df628bfbf8262e87e1929231
[BSP] 9eedcf5e4c13b7acb78deefe61e89cc3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 102050 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209717248 | Size: 187000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 592693248 | Size: 187538 MB
User = LL1 ... OK
User = LL2 ... OK
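The RogueKiller report above is the most telling finding in the thread: ProxyEnable was set and ProxyServer pointed at 127.0.0.1:60010 for both HTTP and HTTPS in the .DEFAULT and S-1-5-18 hives, so traffic was being routed through a proxy on the machine itself, which is one way ad-injecting software inserts itself into every page a browser loads. The following Python helper is an added example, not RogueKiller's code: it parses those [PUM.Proxy] lines, decodes the WinINet ProxyServer value format, and reports which hives route traffic through a loopback proxy. The sample lines are copied from the report above plus one constructed corporate-proxy line under a constructed SID for contrast; the reading that the three ERROR [2] lines refer to a value already deleted by the first line (Windows error 2 is ERROR_FILE_NOT_FOUND, and .DEFAULT is the LocalSystem profile hive) is this example's inference, not something the report states.

```python
"""Decode [PUM.Proxy] lines from a RogueKiller report.

Added example for this thread, not RogueKiller's own code. The first five
sample lines are copied from the report above; the last one is constructed
(hypothetical SID and host) to show a non-loopback proxy is not flagged.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

SAMPLE_REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60010;https=127.0.0.1:60010  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy.corp.example:8080  -> Deleted
"""

# "[PUM.Proxy] (view) HKEY_USERS\<hive>\...\Internet Settings | <value> : <data>  -> <action>"
PROXY_LINE_RE = re.compile(
    r"^\[PUM\.Proxy\]\s+\((?P<view>X64|X86)\)\s+HKEY_USERS\\(?P<hive>[^\\]+)\\.+?\s+\|\s+"
    r"(?P<value>ProxyEnable|ProxyServer)\s+:\s+(?P<data>.+?)\s+->\s+(?P<action>.+?)\s*$"
)

# .DEFAULT is the profile hive used by LocalSystem (S-1-5-18), so a proxy set
# there affects services and the logon screen, not just one interactive user.
HIVE_OWNER = {".DEFAULT": "LocalSystem default profile", "S-1-5-18": "LocalSystem"}


@dataclass(frozen=True)
class ProxyEntry:
    hive: str
    view: str      # X64 or X86 registry view
    value: str     # ProxyEnable or ProxyServer
    data: str
    action: str    # what RogueKiller did: Deleted, Replaced (0), ERROR [n]


def parse_report(text: str) -> list[ProxyEntry]:
    """Extract the [PUM.Proxy] entries from a RogueKiller report."""
    entries = []
    for line in text.splitlines():
        if m := PROXY_LINE_RE.match(line.strip()):
            entries.append(ProxyEntry(m["hive"], m["view"], m["value"], m["data"], m["action"]))
    return entries


def parse_proxy_server(data: str) -> dict[str, tuple[str, int]]:
    """Decode the WinINet ProxyServer format.

    "http=127.0.0.1:60010;https=127.0.0.1:60010" maps each scheme to a
    (host, port); a bare "host:port" applies to every scheme and is keyed "*".
    Bracketed IPv6 hosts are not handled by this example.
    """
    out: dict[str, tuple[str, int]] = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        out[scheme or "*"] = (host, int(port))
    return out


def points_at_local_host(host: str) -> bool:
    """True when the proxy host is the machine itself (127.0.0.0/8, ::1, localhost)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:      # a DNS name, not an address
        return False


def hijacked_hives(entries: list[ProxyEntry]) -> dict[str, set[int]]:
    """Map each hive whose ProxyServer routes traffic through the local
    machine to the set of loopback ports it uses."""
    result: dict[str, set[int]] = {}
    for e in entries:
        if e.value != "ProxyServer":
            continue
        for host, port in parse_proxy_server(e.data).values():
            if points_at_local_host(host):
                result.setdefault(e.hive, set()).add(port)
    return result


def needs_followup(entries: list[ProxyEntry]) -> list[ProxyEntry]:
    """Entries RogueKiller failed to change for a reason other than error 2.
    Windows error 2 is ERROR_FILE_NOT_FOUND: the value was already gone by
    the time that line ran, so those entries need no further action."""
    return [e for e in entries
            if e.action.startswith("ERROR") and not e.action.startswith("ERROR [2]")]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for hive, ports in hijacked_hives(found).items():
        owner = HIVE_OWNER.get(hive, "user profile")
        print(f"{hive} ({owner}): traffic proxied through loopback port(s) {sorted(ports)}")
    print("entries still needing attention:", needs_followup(found))
```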


#14 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2016 - 12:58 PM

Keep an eye on it and let me know in 2 or 3 days if the problem returns.

#15 JohnnyZ

  • Topic Starter
  • Members
  • 28 posts

Posted 03 April 2016 - 12:04 AM

Yup, they're back...

 

 

https://gyazo.com/93ce078ebf59a6171b653658770d1199

https://gyazo.com/2f205d0edd9b9e987fd3d17f0e5e47e4





