
Infected by continue last version


  • This topic is locked This topic is locked
2 replies to this topic

#1 ateppp

ateppp

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 07 September 2016 - 06:51 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by User (administrator) on USER-PC (07-09-2016 18:43:50)
Running from C:\Users\User\Downloads\Programs
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Symantec Corporation) D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
() C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\ProgramData\Logic Handler\set.exe
(Symantec Corporation) D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\SOEasy.3\SSoEasyySvc3.exe
() C:\Program Files (x86)\SOEasy.4\SSoEasyySvc4.exe
() C:\Program Files (x86)\SOEasy.5\SSoEasyySvc5.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsE25D.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
() C:\Users\User\AppData\Roaming\Geunfy\Geunfy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\User\AppData\Roaming\Geunfy\Yurejjaeb.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Users\User\AppData\Roaming\Geunfy\Yjetipudl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\MS.Default\Helper.3\Helper33.exe
() C:\Users\MS.Default\Helper.4\Helper44.exe
() C:\Users\MS.Default\Helper.5\Helper55.exe
(Symantec Corporation) D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(FNet Co., Ltd.) C:\ProgramData\AutoStarter\AutoStarter.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\Temp\A219.tmp
() C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\kns9E.tmp
() C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsDF3C.tmp
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsC1D0.tmp
() C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsA455.tmp
(Trend Corp.) C:\Users\User\AppData\Roaming\setup1\TSvr.exe
() C:\Program Files (x86)\WinSaber\WinSaber.exe
(ExWzp Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [2799784 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AutoStarter] => C:\ProgramData\AutoStarter\AutoStarter.exe [1420552 2015-12-09] (FNet Co., Ltd.)
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-07] (Spotify Ltd)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIN4E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\MountPoints2: {1810584e-48ab-11e5-9fc2-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\MountPoints2: {559246d2-9722-11e5-b626-fcaa1472e565} - "F:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2525760200-2201876012-1921798691-1000] => hxxp://nonblock.net/wpad.dat?bcb2585fbfb9e72c7b7709c5d00f8c3015659847
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.142.82.222
Tcpip\..\Interfaces\{883CBD56-2DC6-4226-979C-497EB4A8D939}: [DhcpNameServer] 203.142.82.222
ManualProxies: 0hxxp://nonblock.net/wpad.dat?bcb2585fbfb9e72c7b7709c5d00f8c3015659847
 
Internet Explorer:
==================
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35weF8yx02d2Z_cHmZVKT9-tyIg62Gmpa0PTSUqgQGPIucSgXZpDOU-61nKA2uUAGmdf5PrrQ56w3sOfbc5zzCl1gWEN0
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2525760200-2201876012-1921798691-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2525760200-2201876012-1921798691-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-2525760200-2201876012-1921798691-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPmlMHrD_xlOeu95O25-Vru3zPEwsHqlKFk5VJ8_3RDO8BPgrf6ynZqmNQcACtBl6tauTALfm-f0c35wvNAwadQob2Ozx1dTcvk0sJ1zjRui_YBN9EbTX_bNiuxxJ3tu3GT81IqNvlQUFSo88ujDcxievoJqMDquK9sBgjJIK2&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2525760200-2201876012-1921798691-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2525760200-2201876012-1921798691-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Profiles\e97n0zct.default
FF NewTab: hxxp://www.trotux.com/?z=ad12e0cad4faa51857a8cd2g7z6mbo3b7t1m6m0t8b&from=epf1&uid=WDCXWD20EZRX-00D8PB0_WD-WMC4M0F02RZT02RZT&type=hp
FF DefaultSearchEngine: trotux
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=ad12e0cad4faa51857a8cd2g7z6mbo3b7t1m6m0t8b&from=epf1&uid=WDCXWD20EZRX-00D8PB0_WD-WMC4M0F02RZT02RZT&type=hp
FF NetworkProxy: "http", "213.221.56.213"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-07-22] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Profiles\e97n0zct.default\user.js [2016-09-03]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\35r8jaen.default\searchplugins\MPC Safe Search.xml [2016-09-03]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Profiles\e97n0zct.default\searchplugins\vmnvecm9.xml [2016-09-03]
FF Extension: (FlashGot) - C:\Users\User\AppData\Roaming\Profiles\e97n0zct.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-22]
FF Extension: (Firefox Homepage) - C:\Program Files (x86)\Mozilla Firefox\browser\features\googletestNT@mozillaonline.com [2016-09-03] [not signed]
FF Extension: (FlashGot) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\35r8jaen.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-22]
FF HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2016-09-07] [not signed]
 
Chrome: 
=======
CHR HomePage: dtithershboyjerotion -> search.mpc.am
CHR StartupUrls: dtithershboyjerotion -> "chrome://newtab/"
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-26]
CHR HKU\S-1-5-21-2525760200-2201876012-1921798691-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 BSSoEasySvc3; C:\Program Files (x86)\SOEasy.3\SSoEasyySvc3.exe [180740 2016-09-03] () [File not signed]
R2 BSSoEasySvc4; C:\Program Files (x86)\SOEasy.4\SSoEasyySvc4.exe [180740 2016-09-03] () [File not signed]
R2 BSSoEasySvc5; C:\Program Files (x86)\SOEasy.5\SSoEasyySvc5.exe [180740 2016-09-03] () [File not signed]
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 cihoqupe; C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsDF3C.tmp [728064 2016-09-07] () [File not signed]
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [707072 2016-09-03] () [File not signed]
R2 gegitunyzbt; C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsE25D.tmp [439296 2016-09-06] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 IhPul; C:\Users\User\AppData\Roaming\setup1\TSvr.exe [205520 2016-09-05] (Trend Corp.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 koriqito; C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsC1D0.tmp [767488 2016-09-07] () [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-07-22] (Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-07-22] ()
R2 Noije; C:\Users\User\AppData\Roaming\Geunfy\Geunfy.exe [170496 2016-08-11] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 pidewuhi; C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\knsA455.tmp [773632 2016-09-07] () [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3337728 2016-08-03] (Microsoft Corporation) [File not signed]
R2 SmcService; D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2009-11-09] (Symantec Corporation)
S3 SNAC; D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2009-10-25] (Symantec Corporation)
R2 Symantec AntiVirus; D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2009-11-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [477464 2016-09-07] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1297144 2016-09-07] (ExWzp Pvt Ltd.) <==== ATTENTION
R2 xyrirege; C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009\kns9E.tmp [799232 2016-09-07] () [File not signed]
S2 Zbnverfierplilatzerpeward.exe; C:\Program Files (x86)\Chorerentkzaty\Zbnverfierplilatzerpeward.exe [370776 2016-09-02] ()
R2 ZSHelper33; C:\Users\MS.Default\Helper.3\Helper33.exe [180740 2016-09-03] () [File not signed]
R2 ZSHelper44; C:\Users\MS.Default\Helper.4\Helper44.exe [180740 2016-09-03] () [File not signed]
R2 ZSHelper55; C:\Users\MS.Default\Helper.5\Helper55.exe [180740 2016-09-03] () [File not signed]
S2 Bokvunnu; "C:\Users\User\AppData\Roaming\GowvePitpagf\Lurzem.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-09-03] (Cherimoya Ltd) <==== ATTENTION
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-10-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2009-10-19] (Symantec Corporation)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2015-12-09] (FNet Co., Ltd.)
R1 FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [37128 2015-12-09] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20091019.019\ENG64.SYS [116272 2009-10-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20091019.019\EX64.SYS [1742896 2009-10-19] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2016-09-05] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2009-11-09] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-07 18:17 - 2016-09-07 18:17 - 00003438 _____ C:\Windows\System32\Tasks\ChelfNotify Task
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\setup1
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\eCyber
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\Program Files (x86)\nj6hxskh
2016-09-07 13:33 - 2016-09-07 18:43 - 00000000 ____D C:\FRST
2016-09-07 13:29 - 2016-09-07 13:29 - 00003599 _____ C:\Users\User\Desktop\fixlist.txt
2016-09-06 17:29 - 2016-09-06 17:29 - 00482436 _____ C:\Users\User\Desktop\Surat Bebas Napza Yunus_opt.pdf
2016-09-06 17:27 - 2016-09-06 17:27 - 01368531 _____ C:\Users\User\Downloads\Surat Bebas Napza Yunus.pdf
2016-09-06 09:50 - 2016-09-06 11:43 - 00619318 _____ C:\Users\User\Desktop\12.xlsx
2016-09-06 09:30 - 2016-09-07 10:32 - 01194425 _____ C:\Users\User\Desktop\17.xlsx
2016-09-05 21:50 - 2016-09-05 22:40 - 01182446 _____ C:\Users\User\Desktop\15.xlsx
2016-09-05 20:35 - 2016-09-06 17:46 - 01183178 _____ C:\Users\User\Desktop\13.xlsx
2016-09-05 20:10 - 2016-09-05 20:10 - 00189878 _____ C:\Windows\ntbtlog.txt
2016-09-05 15:08 - 2016-09-05 15:08 - 00001180 _____ C:\Users\User\Desktop\Continue Last version Installation.lnk
2016-09-05 10:02 - 2016-09-05 10:02 - 00000000 ____D C:\Windows\pss
2016-09-05 08:33 - 2016-09-05 08:33 - 00000000 ____D C:\Users\User\AppData\Local\Symantec
2016-09-05 08:32 - 2016-09-05 08:32 - 00172592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-09-05 08:32 - 2016-09-05 08:32 - 00007440 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-09-05 08:32 - 2016-09-05 08:32 - 00000000 ____D C:\Program Files\Symantec
2016-09-05 08:31 - 2016-09-05 08:31 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-09-05 08:31 - 2009-07-13 12:06 - 00511328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll
2016-09-05 08:31 - 2007-03-21 20:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.DLL
2016-09-05 08:31 - 2007-03-21 20:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP71.DLL
2016-09-05 08:31 - 2007-03-21 20:33 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR71.DLL
2016-09-05 08:29 - 2016-09-05 08:32 - 00000000 ____D C:\ProgramData\Symantec
2016-09-05 08:29 - 2016-09-05 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2016-09-04 17:16 - 2016-09-04 17:16 - 00142336 ____H C:\Program Files (x86)\local64spl.dll
2016-09-04 17:16 - 2016-09-04 17:16 - 00000020 ____H C:\Program Files (x86)\local64spl.dll.ini
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.5_
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.4_
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.3_
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Program Files (x86)_
2016-09-03 20:18 - 2016-09-07 18:39 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-03 20:18 - 2016-09-07 18:39 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-03 20:17 - 2016-09-07 18:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-03 20:17 - 2016-09-07 09:11 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 20:17 - 2016-09-03 20:17 - 01065376 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2016-09-03 20:17 - 2016-09-03 20:17 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-03 20:17 - 2016-09-03 20:17 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-03 18:31 - 2016-09-03 18:31 - 00000000 ____D C:\Users\User\AppData\Roaming\MCorp
2016-09-03 18:14 - 2016-09-03 18:14 - 00000000 ____D C:\Users\User\AppData\LocalLow008B5F70
2016-09-03 18:14 - 2016-09-03 18:14 - 00000000 ____D C:\Users\User\AppData\LocalLow000000000027D9D8
2016-09-03 18:05 - 2016-09-03 18:05 - 00000000 ____D C:\Windows\system32\wikq
2016-09-03 17:36 - 2016-09-03 19:36 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Geunfy
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 ____D C:\Users\User\AppData\LocalLow\Company
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 ____D C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 ____D C:\uninst
2016-09-03 17:27 - 2016-09-03 17:27 - 00000000 ____D C:\Program Files (x86)\DPower
2016-09-03 17:26 - 2016-09-03 18:54 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-09-03 17:26 - 2016-09-03 18:53 - 00000000 ____D C:\Program Files (x86)\host
2016-09-03 17:26 - 2016-09-03 18:42 - 00000000 ____D C:\Users\User\AppData\Local\app
2016-09-03 17:26 - 2016-09-03 18:35 - 00000000 ____D C:\Windows\system32\SSL
2016-09-03 17:26 - 2016-09-03 17:26 - 07085568 _____ C:\Users\User\AppData\Roaming\agent.dat
2016-09-03 17:26 - 2016-09-03 17:26 - 02279413 _____ C:\Users\User\AppData\Roaming\Fixtouch.bin
2016-09-03 17:26 - 2016-09-03 17:26 - 01904978 _____ C:\Users\User\AppData\Roaming\LotQuotouch.tst
2016-09-03 17:26 - 2016-09-03 17:26 - 00126464 _____ C:\Users\User\AppData\Roaming\noah.dat
2016-09-03 17:26 - 2016-09-03 17:26 - 00071232 _____ C:\Users\User\AppData\Roaming\Config.xml
2016-09-03 17:26 - 2016-09-03 17:26 - 00018432 _____ C:\Users\User\AppData\Roaming\Main.dat
2016-09-03 17:26 - 2016-09-03 17:26 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\ProgramData\Logic Handler
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\ProgramData\Lamzaps
2016-09-03 17:26 - 2016-09-03 17:24 - 00707072 _____ C:\Users\User\AppData\Roaming\LotQuotouch.exe
2016-09-03 17:25 - 2016-09-03 19:01 - 00000000 ____D C:\Program Files (x86)\GreatMaker
2016-09-03 17:25 - 2016-09-03 18:52 - 00000000 ____D C:\Program Files (x86)\mpck
2016-09-03 17:25 - 2016-09-03 17:26 - 00005568 _____ C:\Users\User\AppData\Roaming\md.xml
2016-09-03 17:25 - 2016-09-03 17:25 - 00848565 _____ C:\Users\User\AppData\Roaming\Tintip.bin
2016-09-03 17:25 - 2016-09-03 17:25 - 00126464 _____ C:\Users\User\AppData\Roaming\lobby.dat
2016-09-03 17:25 - 2016-09-03 17:25 - 00072711 _____ C:\Users\User\AppData\Roaming\Cofsolokix.tst
2016-09-03 17:25 - 2016-09-03 17:25 - 00054272 _____ C:\Users\User\AppData\Roaming\ApplicationHosting.dat
2016-09-03 17:25 - 2016-09-03 17:25 - 00000000 ____D C:\Users\User\AppData\Local\tuto_monetize_120160902
2016-09-03 17:25 - 2016-09-03 17:25 - 00000000 ____D C:\Users\User\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2016-09-03 17:25 - 2016-09-03 17:25 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-09-03 17:25 - 2016-09-03 17:24 - 00707072 _____ C:\Users\User\AppData\Roaming\Cofsolokix.exe
2016-09-03 17:24 - 2016-09-03 17:27 - 00000000 ____D C:\Program Files (x86)\sbqh
2016-09-03 17:24 - 2016-09-03 17:25 - 00018336 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-09-03 17:24 - 2016-09-03 17:24 - 00138240 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-09-03 17:24 - 2016-09-03 17:24 - 00000000 ____D C:\Users\User\AppData\Roaming\UPUpdata
2016-09-03 17:24 - 2016-09-03 17:24 - 00000000 ____D C:\Users\User\AppData\Roaming\gplyra
2016-09-03 17:23 - 2016-09-07 17:09 - 00000000 ____D C:\Program Files (x86)\03AA02FC-1472898199-0572-E506-650700080009
2016-09-03 17:23 - 2016-09-03 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\SpringFiles
2016-09-03 17:16 - 2016-09-07 18:17 - 00000000 ____D C:\Program Files (x86)\Chorerentkzaty
2016-09-03 17:16 - 2016-09-05 08:21 - 00000000 ___HD C:\Program Files (x86)\242653C
2016-09-03 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.5
2016-09-03 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.4
2016-09-03 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default\Helper.3
2016-09-03 17:16 - 2016-09-04 17:16 - 00000000 ___HD C:\Users\MS.Default
2016-09-03 17:16 - 2016-09-03 17:17 - 00000000 ___HD C:\Program Files (x86)\SOEasy.3
2016-09-03 17:16 - 2016-09-03 17:16 - 05250760 _____ C:\Users\User\Downloads\CAMBRIDGE_IELTS_Ebook_Audio_1_2_3_4_5_6_7_8_9_plus_more_other_IE_downloader (1).exe
2016-09-03 17:16 - 2016-09-03 17:16 - 00008978 _____ C:\Windows\System32\Tasks\Zuboent Verfier
2016-09-03 17:16 - 2016-09-03 17:16 - 00003058 _____ C:\Windows\System32\Tasks\LuckyBrowse
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ___HD C:\Program Files (x86)\SOEasy.5
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ___HD C:\Program Files (x86)\SOEasy.4
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\Users\User\AppData\Local\batosparercultfemipy
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\ProgramData\LuckyBrowse
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\ProgramData\Avg
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2016-09-03 17:15 - 2016-09-03 17:15 - 05250760 _____ C:\Users\User\Downloads\CAMBRIDGE_IELTS_Ebook_Audio_1_2_3_4_5_6_7_8_9_plus_more_other_IE_downloader.exe
2016-09-02 01:42 - 2016-09-02 01:42 - 00142518 _____ C:\Windows\8146ea6da16672c27587aa9a9d767bce.exe
2016-09-01 19:43 - 2016-09-01 19:43 - 00005094 _____ C:\Users\User\Desktop\Confirmation11520000031909101472294618333 (1).pdf
2016-09-01 19:42 - 2016-09-01 19:42 - 00005094 _____ C:\Users\User\Downloads\Confirmation11520000031909101472294618333.pdf
2016-08-30 15:47 - 2016-08-30 15:47 - 00001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 10.lnk
2016-08-30 15:47 - 2016-08-30 15:47 - 00001927 _____ C:\Users\Public\Desktop\Nitro Pro 10.lnk
2016-08-30 15:47 - 2016-08-30 15:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro
2016-08-30 15:47 - 2016-07-22 17:26 - 00031896 _____ (Nitro Software, Inc.) C:\Windows\system32\nitrolocalmon10.dll
2016-08-30 15:47 - 2016-07-22 17:26 - 00020120 _____ (Nitro Software, Inc.) C:\Windows\system32\nitrolocalui10.dll
2016-08-30 15:46 - 2016-08-30 15:46 - 00000000 ____D C:\ProgramData\Nitro
2016-08-30 15:46 - 2016-08-30 15:46 - 00000000 ____D C:\Program Files\Nitro
2016-08-30 15:46 - 2016-08-30 15:46 - 00000000 ____D C:\Program Files\Common Files\Nitro
2016-08-30 15:46 - 2016-08-30 15:46 - 00000000 ____D C:\Program Files (x86)\Nitro
2016-08-30 15:45 - 2016-08-30 15:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Downloaded Installations
2016-08-30 15:17 - 2016-08-30 15:17 - 00000117 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
2016-08-30 15:04 - 2016-08-30 15:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Foxit Software
2016-08-30 14:58 - 2016-08-30 14:58 - 00000000 ____D C:\Users\User\Desktop\New folder
2016-08-30 14:51 - 2016-08-30 14:51 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-30 14:44 - 2016-08-30 14:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton Remove and Reinstall
2016-08-30 14:00 - 2016-08-30 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFBinder
2016-08-30 14:00 - 2016-08-30 14:00 - 00000000 ____D C:\Program Files (x86)\PDFBinder
2016-08-30 13:59 - 2016-08-30 13:59 - 01763328 _____ C:\Users\User\Downloads\PDFBinder-v1.2.msi
2016-08-27 18:14 - 2016-08-27 18:14 - 00341280 _____ C:\Users\User\Downloads\drive-download-20160827T111405Z.zip
2016-08-27 18:14 - 2016-08-27 18:14 - 00000000 ____D C:\Users\User\Downloads\drive-download-20160827T111405Z
2016-08-24 09:59 - 2016-08-24 09:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-08-24 09:54 - 2016-08-24 09:54 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-08-15 13:53 - 2015-09-16 13:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-08-15 13:53 - 2015-09-16 10:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-08-13 00:02 - 2016-09-03 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-12 18:49 - 2016-08-12 18:49 - 00000988 _____ C:\Users\User\Desktop\Start CSGO  No Internet.lnk
2016-08-12 18:49 - 2016-08-12 18:49 - 00000985 _____ C:\Users\User\Desktop\Counter-Strike Global Offensive.lnk
2016-08-12 18:48 - 2016-08-12 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
2016-08-12 10:00 - 2016-08-26 14:34 - 00000000 ____D C:\Users\User\.android
2016-08-12 09:59 - 2016-08-12 09:59 - 00000000 ____D C:\Users\User\Nox_share
2016-08-12 09:58 - 2016-08-26 14:34 - 00000000 ____D C:\Users\User\vmlogs
2016-08-12 09:57 - 2016-08-12 09:57 - 00000000 ____D C:\Program Files\DIFX
2016-08-12 09:55 - 2016-08-30 14:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Nox
2016-08-12 09:55 - 2016-08-30 14:00 - 00000000 ____D C:\Users\User\AppData\Local\Nox
2016-08-11 20:06 - 2016-09-03 17:35 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-08-08 01:17 - 2016-08-08 01:17 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-08-08 01:17 - 2016-08-08 01:17 - 00000000 ____D C:\Program Files (x86)\WinSaber
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-07 18:40 - 2016-05-31 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2016-09-07 18:39 - 2015-11-12 13:05 - 00001783 _____ C:\Users\Public\Desktop\GRE PowerPrep II.lnk
2016-09-07 18:39 - 2015-08-22 16:35 - 00001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-07 18:39 - 2015-08-22 16:35 - 00001091 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-07 18:39 - 2015-08-22 15:50 - 00001485 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-07 18:39 - 2015-08-22 15:50 - 00001451 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-07 18:00 - 2015-09-07 10:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-07 16:24 - 2016-05-31 11:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2016-09-07 16:13 - 2015-08-24 11:16 - 00000000 ____D C:\Users\User\AppData\Local\IntPetro35
2016-09-07 16:13 - 2015-08-22 15:50 - 00000000 ___SD C:\Users\User\AppData\Local\VirtualStore
2016-09-07 16:11 - 2015-09-10 17:37 - 00000000 ____D C:\Users\User\AppData\Roaming\DMCache
2016-09-07 09:10 - 2015-08-25 14:24 - 00000000 ___RD C:\Users\User\Google Drive
2016-09-07 09:09 - 2016-01-12 10:25 - 00000198 _____ C:\Windows\Tasks\AutoKMS.job
2016-09-07 09:08 - 2015-08-22 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-07 09:08 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 09:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-09-05 08:32 - 2015-08-22 15:59 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-09-05 08:26 - 2009-07-14 12:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 20:18 - 2015-08-22 15:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-03 19:41 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-03 18:49 - 2015-08-28 13:55 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-09-03 17:16 - 2015-11-12 11:52 - 00002334 _____ C:\Users\Public\Desktop\Surfer 10 (32-bit).lnk
2016-09-01 22:30 - 2009-07-14 11:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-01 22:30 - 2009-07-14 11:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:29 - 2015-09-10 17:37 - 00000000 ____D C:\Users\User\Downloads\Video
2016-08-30 16:28 - 2015-08-22 15:58 - 00000000 ____D C:\ProgramData\Norton
2016-08-30 15:45 - 2015-09-10 17:37 - 00000000 ____D C:\Users\User\Downloads\Compressed
2016-08-30 14:51 - 2015-08-22 16:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-30 14:44 - 2015-08-22 15:57 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-08-30 08:53 - 2015-08-27 20:32 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-26 17:17 - 2015-08-22 16:38 - 00000000 ____D C:\ProgramData\Corel
2016-08-26 17:17 - 2015-08-22 16:37 - 00000000 ____D C:\Program Files (x86)\Corel
2016-08-24 09:54 - 2015-08-22 15:58 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-08-19 09:31 - 2015-08-25 12:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-08-19 04:47 - 2015-08-22 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-18 22:56 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\spool
2016-08-16 09:33 - 2015-08-22 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-16 09:33 - 2009-07-14 12:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-15 13:52 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Registration
2016-08-11 09:48 - 2009-07-14 11:45 - 00535352 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2016-09-04 17:16 - 2016-09-04 17:16 - 0142336 ____H () C:\Program Files (x86)\local64spl.dll
2016-09-04 17:16 - 2016-09-04 17:16 - 0000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
2016-09-03 17:26 - 2016-09-03 17:26 - 7085568 _____ () C:\Users\User\AppData\Roaming\agent.dat
2016-09-03 17:25 - 2016-09-03 17:25 - 0054272 _____ () C:\Users\User\AppData\Roaming\ApplicationHosting.dat
2016-09-03 17:25 - 2016-09-03 17:24 - 0707072 _____ () C:\Users\User\AppData\Roaming\Cofsolokix.exe
2016-09-03 17:25 - 2016-09-03 17:25 - 0072711 _____ () C:\Users\User\AppData\Roaming\Cofsolokix.tst
2016-09-03 17:26 - 2016-09-03 17:26 - 0071232 _____ () C:\Users\User\AppData\Roaming\Config.xml
2016-09-03 17:26 - 2016-09-03 17:26 - 2279413 _____ () C:\Users\User\AppData\Roaming\Fixtouch.bin
2016-09-03 17:24 - 2016-09-03 17:25 - 0018336 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-09-03 17:24 - 2016-09-03 17:24 - 0138240 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-09-03 17:25 - 2016-09-03 17:25 - 0126464 _____ () C:\Users\User\AppData\Roaming\lobby.dat
2016-09-03 17:26 - 2016-09-03 17:24 - 0707072 _____ () C:\Users\User\AppData\Roaming\LotQuotouch.exe
2016-09-03 17:26 - 2016-09-03 17:26 - 1904978 _____ () C:\Users\User\AppData\Roaming\LotQuotouch.tst
2016-09-03 17:26 - 2016-09-03 17:26 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
2016-09-03 17:25 - 2016-09-03 17:26 - 0005568 _____ () C:\Users\User\AppData\Roaming\md.xml
2016-09-03 17:26 - 2016-09-03 17:26 - 0126464 _____ () C:\Users\User\AppData\Roaming\noah.dat
2016-09-03 17:25 - 2016-09-03 17:25 - 0848565 _____ () C:\Users\User\AppData\Roaming\Tintip.bin
2016-09-03 17:26 - 2016-09-03 17:26 - 0032038 _____ () C:\Users\User\AppData\Roaming\uninstall_temp.ico
2015-09-02 10:51 - 2015-09-09 11:55 - 0000088 __RSH () C:\ProgramData\A11533D352.sys
2015-08-22 16:38 - 2015-08-22 16:38 - 0000008 __RSH () C:\ProgramData\D81BF18DC7.sys
2015-08-22 16:03 - 2015-08-22 16:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-22 16:38 - 2015-09-09 11:55 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\11BE.tmp.exe
C:\Users\User\AppData\Local\Temp\1E1E.tmp.exe
C:\Users\User\AppData\Local\Temp\21A2.tmp.exe
C:\Users\User\AppData\Local\Temp\226C.tmp.exe
C:\Users\User\AppData\Local\Temp\22B4.tmp.exe
C:\Users\User\AppData\Local\Temp\249A.tmp.exe
C:\Users\User\AppData\Local\Temp\24F9.tmp.exe
C:\Users\User\AppData\Local\Temp\28D5.tmp.exe
C:\Users\User\AppData\Local\Temp\29D0.tmp.exe
C:\Users\User\AppData\Local\Temp\29E.tmp.exe
C:\Users\User\AppData\Local\Temp\2A1D.tmp.exe
C:\Users\User\AppData\Local\Temp\2B3A.tmp.exe
C:\Users\User\AppData\Local\Temp\2E08.tmp.exe
C:\Users\User\AppData\Local\Temp\2EAA.tmp.exe
C:\Users\User\AppData\Local\Temp\3041.tmp.exe
C:\Users\User\AppData\Local\Temp\304F.tmp.exe
C:\Users\User\AppData\Local\Temp\30E.tmp.exe
C:\Users\User\AppData\Local\Temp\3181.tmp.exe
C:\Users\User\AppData\Local\Temp\32CA.tmp.exe
C:\Users\User\AppData\Local\Temp\3499.tmp.exe
C:\Users\User\AppData\Local\Temp\384C.tmp.exe
C:\Users\User\AppData\Local\Temp\39A0.tmp.exe
C:\Users\User\AppData\Local\Temp\3A00.tmp.exe
C:\Users\User\AppData\Local\Temp\3CB.tmp.exe
C:\Users\User\AppData\Local\Temp\3E2B.tmp.exe
C:\Users\User\AppData\Local\Temp\4315.tmp.exe
C:\Users\User\AppData\Local\Temp\4674.tmp.exe
C:\Users\User\AppData\Local\Temp\477B.tmp.exe
C:\Users\User\AppData\Local\Temp\48E3.tmp.exe
C:\Users\User\AppData\Local\Temp\49F4.tmp.exe
C:\Users\User\AppData\Local\Temp\4B26.tmp.exe
C:\Users\User\AppData\Local\Temp\520E.tmp.exe
C:\Users\User\AppData\Local\Temp\52C5.tmp.exe
C:\Users\User\AppData\Local\Temp\55B2.tmp.exe
C:\Users\User\AppData\Local\Temp\577B.tmp.exe
C:\Users\User\AppData\Local\Temp\5847.tmp.exe
C:\Users\User\AppData\Local\Temp\585B.tmp.exe
C:\Users\User\AppData\Local\Temp\594B.tmp.exe
C:\Users\User\AppData\Local\Temp\5A62.tmp.exe
C:\Users\User\AppData\Local\Temp\5D6C.tmp.exe
C:\Users\User\AppData\Local\Temp\5F1C.tmp.exe
C:\Users\User\AppData\Local\Temp\62BD.tmp.exe
C:\Users\User\AppData\Local\Temp\6415.tmp.exe
C:\Users\User\AppData\Local\Temp\650B.tmp.exe
C:\Users\User\AppData\Local\Temp\65DE.tmp.exe
C:\Users\User\AppData\Local\Temp\65F4.tmp.exe
C:\Users\User\AppData\Local\Temp\6727.tmp.exe
C:\Users\User\AppData\Local\Temp\68B2.tmp.exe
C:\Users\User\AppData\Local\Temp\6A4C.tmp.exe
C:\Users\User\AppData\Local\Temp\6C27.tmp.exe
C:\Users\User\AppData\Local\Temp\7121.tmp.exe
C:\Users\User\AppData\Local\Temp\7776.tmp.exe
C:\Users\User\AppData\Local\Temp\7972.tmp.exe
C:\Users\User\AppData\Local\Temp\7DC1.tmp.exe
C:\Users\User\AppData\Local\Temp\7DCE.tmp.exe
C:\Users\User\AppData\Local\Temp\7DD8.tmp.exe
C:\Users\User\AppData\Local\Temp\7EEF.tmp.exe
C:\Users\User\AppData\Local\Temp\82B5.tmp.exe
C:\Users\User\AppData\Local\Temp\8620.tmp.exe
C:\Users\User\AppData\Local\Temp\88F4.tmp.exe
C:\Users\User\AppData\Local\Temp\8BEF.tmp.exe
C:\Users\User\AppData\Local\Temp\8C03.tmp.exe
C:\Users\User\AppData\Local\Temp\8E13.tmp.exe
C:\Users\User\AppData\Local\Temp\8F0C.tmp.exe
C:\Users\User\AppData\Local\Temp\8F6E.tmp.exe
C:\Users\User\AppData\Local\Temp\90B.tmp.exe
C:\Users\User\AppData\Local\Temp\9472.tmp.exe
C:\Users\User\AppData\Local\Temp\953E.tmp.exe
C:\Users\User\AppData\Local\Temp\9598.tmp.exe
C:\Users\User\AppData\Local\Temp\95CD.tmp.exe
C:\Users\User\AppData\Local\Temp\95D.tmp.exe
C:\Users\User\AppData\Local\Temp\967F.tmp.exe
C:\Users\User\AppData\Local\Temp\99AC.tmp.exe
C:\Users\User\AppData\Local\Temp\9C92.tmp.exe
C:\Users\User\AppData\Local\Temp\9E11.tmp.exe
C:\Users\User\AppData\Local\Temp\9E57.tmp.exe
C:\Users\User\AppData\Local\Temp\9F30.tmp.exe
C:\Users\User\AppData\Local\Temp\9FFA.tmp.exe
C:\Users\User\AppData\Local\Temp\A218.tmp.exe
C:\Users\User\AppData\Local\Temp\A4CC.tmp.exe
C:\Users\User\AppData\Local\Temp\A7B0.tmp.exe
C:\Users\User\AppData\Local\Temp\B305.tmp.exe
C:\Users\User\AppData\Local\Temp\B941.tmp.exe
C:\Users\User\AppData\Local\Temp\B97C.tmp.exe
C:\Users\User\AppData\Local\Temp\BE15.tmp.exe
C:\Users\User\AppData\Local\Temp\BE19.tmp.exe
C:\Users\User\AppData\Local\Temp\C0A9.tmp.exe
C:\Users\User\AppData\Local\Temp\C1E1.tmp.exe
C:\Users\User\AppData\Local\Temp\C2E9.tmp.exe
C:\Users\User\AppData\Local\Temp\C596.tmp.exe
C:\Users\User\AppData\Local\Temp\C696.tmp.exe
C:\Users\User\AppData\Local\Temp\CB5B.tmp.exe
C:\Users\User\AppData\Local\Temp\CDAA.tmp.exe
C:\Users\User\AppData\Local\Temp\CE43.tmp.exe
C:\Users\User\AppData\Local\Temp\CF14.tmp.exe
C:\Users\User\AppData\Local\Temp\D0A.tmp.exe
C:\Users\User\AppData\Local\Temp\D0BA.tmp.exe
C:\Users\User\AppData\Local\Temp\D0FD.tmp.exe
C:\Users\User\AppData\Local\Temp\D512.tmp.exe
C:\Users\User\AppData\Local\Temp\D591.tmp.exe
C:\Users\User\AppData\Local\Temp\D760.tmp.exe
C:\Users\User\AppData\Local\Temp\DE50.tmp.exe
C:\Users\User\AppData\Local\Temp\DFC5.tmp.exe
C:\Users\User\AppData\Local\Temp\E1BC.tmp.exe
C:\Users\User\AppData\Local\Temp\E2B2.tmp.exe
C:\Users\User\AppData\Local\Temp\EA43.tmp.exe
C:\Users\User\AppData\Local\Temp\EA6E.tmp.exe
C:\Users\User\AppData\Local\Temp\EB0C.tmp.exe
C:\Users\User\AppData\Local\Temp\EC50.tmp.exe
C:\Users\User\AppData\Local\Temp\EC90.tmp.exe
C:\Users\User\AppData\Local\Temp\EE7F.tmp.exe
C:\Users\User\AppData\Local\Temp\EE86.tmp.exe
C:\Users\User\AppData\Local\Temp\F016.tmp.exe
C:\Users\User\AppData\Local\Temp\F179.tmp.exe
C:\Users\User\AppData\Local\Temp\F2AE.tmp.exe
C:\Users\User\AppData\Local\Temp\F765.tmp.exe
C:\Users\User\AppData\Local\Temp\F8C7.tmp.exe
C:\Users\User\AppData\Local\Temp\FB4F.tmp.exe
C:\Users\User\AppData\Local\Temp\FE08.tmp.exe
C:\Users\User\AppData\Local\Temp\FE98.tmp.exe
C:\Users\User\AppData\Local\Temp\FF6C.tmp.exe
C:\Users\User\AppData\Local\Temp\FF7C.tmp.exe
C:\Users\User\AppData\Local\Temp\FF9D.tmp.exe
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\Foxit Updater.exe
C:\Users\User\AppData\Local\Temp\fsd8130.exe
C:\Users\User\AppData\Local\Temp\ICReinstall_B97C.tmp.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\softconfig.dll
C:\Users\User\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\User\AppData\Local\Temp\_isABB9.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 10:24] - [2015-08-22 15:49] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-21 10:24] - [2015-08-22 15:49] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2010-11-21 10:24] - [2010-11-21 10:24] - 0357888 ____A (Microsoft Corporation) 1CAE4C4BB427484C4E458218C090DC7B
 
C:\Windows\SysWOW64\dnsapi.dll
[2010-11-21 10:24] - [2010-11-21 10:24] - 0270336 ____A (Microsoft Corporation) 5E95C05E2A55D074DC05A107C8474EFC
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-05 00:18
 
==================== End of FRST.txt ============================
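A small triage script for the "One Month Created files and folders" section of the FRST log above, added here as an example; it is not part of the original post and not FRST's own code. The embedded sample lines are copied from the log, while the burst thresholds (a 10-minute gap, at least six files) are my own assumptions.

```python
"""Triage of an FRST "One Month Created files and folders" section.

Parses the line format shown in the log above and surfaces two things an
analyst checks first: bursts of file creation within a few minutes (typical
of a bundler dropping its payloads) and executables that FRST listed without
a publisher in their version info.
"""
import re
from datetime import datetime, timedelta

# One log line: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

# Sample input: a subset of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
2016-09-07 18:17 - 2016-09-07 18:17 - 00000000 ____D C:\Program Files (x86)\nj6hxskh
2016-09-05 08:32 - 2016-09-05 08:32 - 00172592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-09-03 20:17 - 2016-09-03 20:17 - 01065376 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2016-09-03 17:26 - 2016-09-03 17:26 - 07085568 _____ C:\Users\User\AppData\Roaming\agent.dat
2016-09-03 17:26 - 2016-09-03 17:26 - 00000000 ____D C:\ProgramData\Lamzaps
2016-09-03 17:26 - 2016-09-03 17:24 - 00707072 _____ C:\Users\User\AppData\Roaming\LotQuotouch.exe
2016-09-03 17:25 - 2016-09-03 18:52 - 00000000 ____D C:\Program Files (x86)\mpck
2016-09-03 17:25 - 2016-09-03 17:24 - 00707072 _____ C:\Users\User\AppData\Roaming\Cofsolokix.exe
2016-09-03 17:24 - 2016-09-03 17:24 - 00138240 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-09-03 17:16 - 2016-09-03 17:16 - 00003058 _____ C:\Windows\System32\Tasks\LuckyBrowse
2016-09-03 17:16 - 2016-09-03 17:16 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2016-09-03 17:15 - 2016-09-03 17:15 - 05250760 _____ C:\Users\User\Downloads\CAMBRIDGE_IELTS_Ebook_Audio_1_2_3_4_5_6_7_8_9_plus_more_other_IE_downloader.exe
2016-08-30 15:47 - 2016-07-22 17:26 - 00031896 _____ (Nitro Software, Inc.) C:\Windows\system32\nitrolocalmon10.dll
"""


def parse_created_section(text):
    """Return one dict per parsable line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def find_bursts(entries, max_gap_minutes=10, min_count=6):
    """Group entries whose creation times sit within max_gap of their neighbour.

    Thresholds are assumptions for this example. Returns a list of
    (first_created, last_created, entries) for runs of at least min_count files.
    """
    gap = timedelta(minutes=max_gap_minutes)
    ordered = sorted(entries, key=lambda e: e["created"])
    bursts, run = [], []
    for e in ordered:
        if run and (e["created"] - run[-1]["created"]) > gap:
            if len(run) >= min_count:
                bursts.append((run[0]["created"], run[-1]["created"], run))
            run = []
        run.append(e)
    if len(run) >= min_count:
        bursts.append((run[0]["created"], run[-1]["created"], run))
    return bursts


def unpublished_executables(entries):
    """Executable files that FRST listed with no company name in version info."""
    return [e["path"] for e in entries
            if not e["is_dir"]
            and e["path"].lower().endswith(EXEC_EXT)
            and not e["company"]]


def triage(text):
    """Run both checks and return a compact summary for the analyst."""
    entries = parse_created_section(text)
    return {
        "entries": len(entries),
        "bursts": [(b[0], b[1], len(b[2])) for b in find_bursts(entries)],
        "unpublished": unpublished_executables(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for start, end, n in result["bursts"]:
        print(f"burst: {n} items created between {start:%Y-%m-%d %H:%M} and {end:%H:%M}")
    for path in result["unpublished"]:
        print("no publisher:", path)
```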

#2 xXToffeeXx (Malware Response Instructor, 6,085 posts)

Posted 07 September 2016 - 08:16 AM

Hi ateppp,
 
Looks like you are quite infected, let's start cleaning this mess up.
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

  • Body Text Feathering

Additional instructions can be found here if needed.
 
----------------------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

----------------------------
 
We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: dnsapi.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#3 xXToffeeXx (Malware Response Instructor, 6,085 posts)

Posted 13 October 2016 - 04:29 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
