
Zeus trojan payload, what do I do


15 replies to this topic

#1 raror


Posted 17 February 2017 - 10:54 AM

I found this http://www.adlice.com/remove-zeus/ in one of the Malwarebytes system files or something like that. I quickly just removed Malwarebytes altogether, but could I be infected by something worse?

 

 




 


#2 raror


Posted 17 February 2017 - 11:02 AM

# AdwCleaner v6.043 - Logfile created 17/02/2017 at 17:58:33
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : nazanda - NAZANDA-PC
# Running from : F:\programi\1Security\1adware malware spyware\2best\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\PanService
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\Software\Conduit
Key Found:  HKU\S-1-5-21-1315861483-2587834430-1896926071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02172017171813665\Software\Conduit
Key Found:  HKU\S-1-5-21-1315861483-2587834430-1896926071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02172017173524505\Software\Conduit
Key Found:  HKCU\Software\Conduit
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
Key Found:  [x64] HKCU\Software\Conduit


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\ user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.installDate" -  "2012-12-9"
Firefox pref Found:  [C:\Users\user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.isTrackedInstall" -  true
Firefox pref Found:  [C:\Users\user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.isUninstallPageShown" -  false
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2249 Bytes] - [17/02/2017 17:58:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2322 Bytes] ##########

 



#3 raror


Posted 17 February 2017 - 11:08 AM

This Conduit thing seems to reinstall a lot... What do I do with the AdwCleaner thing? And these Firefox preferences, what do I do with them specifically?

 

 

 

 

 MiniToolBox by Farbar  Version: 30-11-2014
Ran by nazanda (administrator) on 17-02-2017 at 17:56:09
Running from "F:\programi\1Security\0scans\best"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : nazanda-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-30-4C-47-A6-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::acce:851:4f7a:be59%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 17, 2017 3:59:21 PM
   Lease Expires . . . . . . . . . . : Saturday, February 18, 2017 3:59:21 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 235429998
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-70-F3-43-00-30-4C-47-A6-73
   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF2247AF-0684-4AA5-973C-DB62022EA833}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  fe80::1

Name:    google.com
Addresses:  2a00:1450:400d:803::200e
      216.58.214.238


Pinging google.com [216.58.214.238] with 32 bytes of data:
Reply from 216.58.214.238: bytes=32 time=15ms TTL=55
Reply from 216.58.214.238: bytes=32 time=15ms TTL=55

Ping statistics for 216.58.214.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server:  UnKnown
Address:  fe80::1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=153ms TTL=50
Reply from 98.138.253.109: bytes=32 time=152ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 152ms, Maximum = 153ms, Average = 152ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 30 4c 47 a6 73 ......Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2    200
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    356
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    356
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    356
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    356
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    356
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::acce:851:4f7a:be59/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
ActiveSMART (HKLM-x32\...\ActiveSMART) (Version: 2.96 - Ariolic Software, Ltd.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 19.0.0.190 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon)
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM-x32\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.10 - Atheros Communications Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Betsson Poker by Microgaming (HKLM-x32\...\betssonpoker (Poker)) (Version: 16.6.2.11243 - )
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
BTCCharts (HKLM-x32\...\BTCCharts) (Version: 1 - UNKNOWN)
BTCCharts (x32 Version: 1 - UNKNOWN) Hidden
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP260 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
ChatZilla (HKLM-x32\...\{507FCA59-09EB-426C-87F9-E948C7EFE525}) (Version: 0.9.92 - ChatZilla)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Dailymotion Mass Uploader (HKLM-x32\...\com.dailymotion.massuploader) (Version: 0.1.1 - Dailymotion)
Dailymotion Mass Uploader (x32 Version: 0.1.1 - Dailymotion) Hidden
Definition Update for Microsoft Office 2010 (KB3054883) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{65C75C04-79C2-4ADF-A140-0B03D9EC0348}) (Version:  - Microsoft)
Digital Editions Converter (HKLM-x32\...\DigitalEditions) (Version: 1.4.1 - eBook Converter)
Discord (HKCU\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
FlashGet 1.9.6.1073 (HKLM-x32\...\FlashGet) (Version: 1.9.6.1073 - http://www.FlashGet.com)
Fuze (per-user) (HKCU\...\{c6b703d6-5aff-4612-9bc2-85c27b7202ec}) (Version: 16.1.26614.0 - FuzeBox)
Fuze (per-user) (Version: 16.01.26614.0 - FuzeBox) Hidden
GeekBuddy (HKLM-x32\...\{00B6D29A-4BBB-460C-A312-3D5B2FFB23E2}) (Version: 4.8.66 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKCU\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
Gramblr (HKLM\...\Gramblr) (Version: 2.8.4 - Gramblr Team)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
ICMIZER (HKCU\...\232643462.www.icmpoker.com) (Version:  - www.icmpoker.com)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IntelliJ IDEA Community Edition 2016.3.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 2016.3.3) (Version: 163.11103.6 - JetBrains s.r.o.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.63 - IVONA Software Sp. z o.o.)
IVONA ControlCenter (HKLM-x32\...\IVONA ControlCenter) (Version: 1.1.2 - IVONA Software Sp. z o.o.)
IVONA MiniReader (HKLM-x32\...\IVONA MiniReader) (Version:  - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version:  - IVONA Software Sp. z o.o.)
Jaksta Media Recorder (5.0.1.54) (HKLM-x32\...\Jaksta Media Recorder) (Version: 5.0.1.54 - Jaksta Technologies)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.66.18 - Oracle Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7149 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.0 (x32 Version: 15.0.516.14 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (x32 Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (x32 Version: 14.0.23026 - Microsoft Corporation) Hidden
MODEM device (x32 Version: 1.0.0.1 - Default Company Name) Hidden
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MyConnection PC Lite Edition (HKLM-x32\...\MyConnection PC Lite Edition) (Version:  - )
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Poker Heaven by Microgaming (HKLM-x32\...\pokerheaven (Poker)) (Version: 16.6.2.11243 - )
PokerStars.bg (HKLM-x32\...\PokerStars.bg) (Version:  - PokerStars.bg)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 1d306c - KDE)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
SaxoTrader (HKLM-x32\...\{49C14B93-58AD-4178-B52C-750D54CE618D}) (Version: 2.125.6.0 - Saxo Bank)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (HKLM-x32\...\Synergy) (Version: 1.4.16 - The Synergy Project)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
TweetDeck by Twitter (HKCU\...\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc) (Version: 1 - Twitter Inc.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2965300) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{11E3BBC0-B7CA-41E7-BE61-B19AC8E8A136}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA28304-D86F-4ACA-97FA-D126E0D02416}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589282) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D2D05EF6-7BD4-4857-A638-27F454941717}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{44F6677A-EC0A-4A4C-8D2D-B640FA1A6A20}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{44F6677A-EC0A-4A4C-8D2D-B640FA1A6A20}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9C9636BD-37A7-43F7-BB00-5C7606B42D27}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{12B2F697-82C9-49A5-AA11-18806D3B3681}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB3054977) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D8F534DE-6213-4C81-AEAA-CE89182352B4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{82148027-13B5-4920-97F3-6A44A29B83D0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1306C813-D03A-4FB1-AF83-C437CC454655}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1306C813-D03A-4FB1-AF83-C437CC454655}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB3054976) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{17099BE5-DC3C-4856-88EF-B34E16BBB4C7}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB3054976) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{2F63E4DE-723C-4785-9776-9F54D456DE31}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E7C8C158-9575-4120-AF5E-5CCEF2DD6761}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{65CFD108-C07D-469A-AE6C-26E0FFA703BD}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{30B9D112-E68C-461D-B370-6D0B6AD61AC6}) (Version:  - Microsoft)
USB2.0 PC Camera (SN9C201&202) (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.103 - Sonix)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Viber (HKCU\...\{b44f5a1f-ca34-4def-9c69-9aabd288bcb6}) (Version: 5.9.1.1 - Viber Media Inc.)
Viber (x32 Version: 5.9.1.1 - Viber Media Inc.) Hidden
VisualRoute Lite Edition (HKLM-x32\...\VisualRoute Lite Edition) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
Winner Poker (HKCU\...\winnerpoker) (Version:  - )
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yahoo Message Archive Decoder 4.5 (HKLM-x32\...\Yahoo Message Archive Decoder) (Version: 4.5 - Ikitek Software)
Zoom (HKCU\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

**** End of log ****
 



#4 raror


Posted 17 February 2017 - 11:13 AM

RogueKiller V11.0.10.0 [Feb  1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : nazanda [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan Aborted -- Date : 02/17/2017 17:52:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PROCMON23 (System32\Drivers\PROCMON23.SYS) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] c36c98ed67b79043557f71f4633eec84
[BSP] bef177d2c9a535e4a00e5b55a98ac64b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] 8d1331c2be52a020961740ff75abd324
[BSP] 41de9c8f9b92d5a66a791fa2818e5822 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD My Book 1140 USB Device +++++
--- User ---
[MBR] 7a4ec4e08b9c0b7774c61db295f91382
[BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: WD My Book 1140 USB Device +++++
--- User ---
[MBR] 826c768e1d647d67f8545950a13d16a5
[BSP] 717dd44c70d9301a3f6f6f49130ee44d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

 



#5 boopme

  • Global Moderator

Posted 17 February 2017 - 11:53 AM

Please also do these.

Remove what ADW found
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

    Junkware Removal Tool
    • Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    ESET Online Scanner
    • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
    • Disable all your antivirus and antimalware software - see how to do that here.
    • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
    • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
    • Select Enable detection of potentially unwanted applications.
    • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start to begin scanning.
    • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
    • When the scan is done, click List threats (only available if ESET Online Scanner found something).
    • Click Export, then save the file to your desktop.
    • Click Back, then Finish to exit ESET Online Scanner.




#6 raror


Posted 17 February 2017 - 01:54 PM

Thank you for the response boop

I'm more interested if I have anything beyond that, and I ran jrt and adwcleaner, I think I posted them both


Edited by raror, 17 February 2017 - 01:55 PM.


#7 raror


Posted 17 February 2017 - 02:02 PM

I ran jrt again

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64
Ran by nazanda (Administrator) on Fri 02/17/2017 at 20:56:43.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 70

Failed to delete: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC1MIK1 (Temporary Internet Files Folder)
Failed to delete: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DX9R2YI (Temporary Internet Files Folder)
Failed to delete: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNDXHRPI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\facebook-search.xml (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CHMVJGT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DJFCQOH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1VEMI2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F5V0VL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ATR1I5U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHBWBEW4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6HGCC30 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNONSMVD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUMYY7MO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPM8L4TO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVSDXUEH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1MPI1OF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM1PIQQC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IUA0NW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXB132PR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M638618S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNKUU32C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8EDCL1S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODEG1GM5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUNIHU7G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCVCBWF9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNGIIB9V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEHRL317 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUA324B8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WF2GI1QM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEMWMYQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTXRTPQW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1T33Y2R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nazanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z990XKDP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CHMVJGT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DJFCQOH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1VEMI2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23F5V0VL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC1MIK1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ATR1I5U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DX9R2YI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHBWBEW4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6HGCC30 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNONSMVD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUMYY7MO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPM8L4TO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVSDXUEH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1MPI1OF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM1PIQQC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IUA0NW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXB132PR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M638618S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNKUU32C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8EDCL1S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODEG1GM5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUNIHU7G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNDXHRPI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCVCBWF9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNGIIB9V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEHRL317 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUA324B8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WF2GI1QM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEMWMYQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTXRTPQW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1T33Y2R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z990XKDP (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/17/2017 at 20:59:01.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 raror


Posted 17 February 2017 - 02:05 PM

I haven't updated windows in quite a while.

And now I can't even start any of the updates.



#9 raror


Posted 17 February 2017 - 02:26 PM

I also have this LENOVO in networks, in addition to nazanda. I'm not sure what that is.



#10 raror


Posted 17 February 2017 - 02:34 PM

Also, one time I couldn't log into my main username admin account, so it logged me into a temporary TEMP account and I couldn't use the ntuser files. I couldn't even save them; it said they were being used. And now it's back to my primary admin account and I deleted the Zeus thing.

 

The following boot-start or system-start driver(s) failed to load:
cdrom

The HDDlife HDD Access service service terminated with the following error:
%%-2147417831

 

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\nazanda\ntuser.dat

 

 

 

 

 

I can't post images of that.


Edited by raror, 17 February 2017 - 02:37 PM.


#11 raror


Posted 17 February 2017 - 02:36 PM

I also can't uninstall iTunes.


Edited by raror, 17 February 2017 - 02:40 PM.


#12 raror


Posted 17 February 2017 - 02:42 PM

By the way, can you explain what those are?

Firefox pref Found:  [C:\Users\ user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.installDate" -  "2012-12-9"
Firefox pref Found:  [C:\Users\user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.isTrackedInstall" -  true
Firefox pref Found:  [C:\Users\user \AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\prefs.js] - "extensions.widdit26525.isUninstallPageShown" -  false
No malicious Chromium based browser items found.



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 67,187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:36 AM

Posted 17 February 2017 - 03:09 PM

Hi.
Well, it says
Username : nazanda - NAZANDA-PC

Lenovo is a type of PC, perhaps yours.

Let ESET finish as we may have more to do.

Those look like Firefox files, what found them?



#14 raror


Posted 17 February 2017 - 04:53 PM

No, Lenovo is not my PC.

Why do I have two networks? One of them is nazanda, the other is lenovo.

 

The Firefox files are from AdwCleaner.


Edited by raror, 17 February 2017 - 05:07 PM.


#15 raror


Posted 17 February 2017 - 06:36 PM

I ran ESET only for C, I think. I stopped it at some point:

 

 

C:\Users\nazanda\AppData\Local\67A2DA49_stp\TaskScheduler.dll    a variant of Win32/InstallCore.ACL potentially unwanted application
F:\Desktop\\programs\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
 





