
Zeus trojan, now I can't use my control panel usernames


  • This topic is locked
10 replies to this topic

#1 raror


Posted 21 February 2017 - 03:10 PM

Recently I found this on my computer and removed it:

https://malwaretips.com/blogs/zeus-trojan-virus/

The problem is, I still can't access or change my username passwords, even my admin account seems compromised or at least there's some problem with my username.

What do I do?





#2 nasdaq

  • Malware Response Team

Posted 22 February 2017 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 raror

  • Topic Starter


Posted 24 February 2017 - 12:34 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by nazanda (administrator) on NAZANDA-PC (24-02-2017 18:34:12)
Running from C:\Users\nazanda\Downloads
Loaded Profiles: nazanda & postgres (Available Profiles: nazanda & postgres & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) D:\C programs extention\Advanced SystemCare Ultimate\ASCService.exe
(IObit) D:\C programs extention\Advanced SystemCare Ultimate\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(@ByELDI) D:\C programs extention\KMSpico\Service_KMS.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
() C:\Program Files\Synergy\synergyd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) D:\C programs extention\Advanced SystemCare Ultimate\Monitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Sonix) C:\Windows\vsnp2std.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(IVONA Software Sp. z o.o.) C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
(BitTorrent Inc.) C:\Users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hammer & Chisel, Inc.) C:\Users\nazanda\AppData\Local\Discord\app-0.0.297\Discord.exe
(YourWare Solutions ™) F:\programi\1Security\drugi\FreeRAM XP Pro 1.40.exe
(IObit) D:\C programs extention\Advanced SystemCare Ultimate\ASCTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(BitTorrent Inc.) C:\Users\nazanda\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\nazanda\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Hammer & Chisel, Inc.) C:\Users\nazanda\AppData\Local\Discord\app-0.0.297\Discord.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hammer & Chisel, Inc.) C:\Users\nazanda\AppData\Local\Discord\app-0.0.297\Discord.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) D:\C programs extention\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) D:\C programs extention\Advanced SystemCare Ultimate\ASC.exe
() D:\programi\Quassel\quassel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Josh Cell Softwares) C:\Program Files\UnCleaner\UnCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-10-04] (Greenshot)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [IVONA ControlCenter] => C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe [2172864 2012-11-07] (IVONA Software Sp. z o.o.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [uTorrent] => C:\Users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-21] (BitTorrent Inc.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Azureus] => C:\Program Files (x86)\Vuze\Azureus.exe [271160 2014-08-12] (Azureus Software, Inc)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Google Update] => C:\Users\nazanda\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Discord] => C:\Users\nazanda\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [FreeRAM XP] => F:\programi\1Security\drugi\FreeRAM XP Pro 1.40.exe [1354240 2003-11-30] (YourWare Solutions ™)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Advanced SystemCare Ultimate] => D:\C programs extention\Advanced SystemCare Ultimate\ASCTray.exe [3023136 2016-12-26] (IObit)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [2420 2017-02-17] ()
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\nazanda\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-16]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IVONA Reader.exe - Shortcut.lnk [2015-01-06]
ShortcutTarget: IVONA Reader.exe - Shortcut.lnk -> C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe (IVONA Software Sp. z o.o.)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\new youtube acc.txt - Shortcut.lnk [2016-02-11]
ShortcutTarget: new youtube acc.txt - Shortcut.lnk -> F:\Desktop\last Desktop 2014 jan 25 to feb 9th 2016\new youtube acc.txt ()
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OANDA - MetaTrader.lnk [2015-05-24]
ShortcutTarget: OANDA - MetaTrader.lnk -> C:\Program Files (x86)\OANDA - MetaTrader\terminal.exe (MetaQuotes Software Corp.)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thinkorswim.exe - Shortcut.lnk [2015-02-16]
ShortcutTarget: thinkorswim.exe - Shortcut.lnk -> G:\C- Program files extention\thinkorswim\thinkorswim.exe (thinkorswim, Inc)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk [2014-09-06]
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TweetDeck.lnk [2014-07-11]
ShortcutTarget: TweetDeck.lnk -> C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe (Twitter)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A89E7A04-98F6-4160-BB46-B58872D08DBC}: [DhcpNameServer] 212.39.90.42 8.8.8.8
Tcpip\..\Interfaces\{BF2247AF-0684-4AA5-973C-DB62022EA833}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com/
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\C programs extention\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2012-02-09] (IVONA Software Sp. z o.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-08-06] (www.flashget.com)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2012-02-09] (IVONA Software Sp. z o.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-05-18] (www.flashget.com)
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2012-02-09] (IVONA Software Sp. z o.o.)
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2012-02-09] (IVONA Software Sp. z o.o.)

FireFox:
========
FF DefaultProfile: hsy7qmus.default
FF DefaultProfile: kzibefgg.default
FF ProfilePath: C:\Users\nazanda\AppData\Roaming\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc\Profiles\hsy7qmus.default [2014-12-25]
FF ProfilePath: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default [2017-02-24]
FF user.js: detected! => C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js [2017-02-23]
FF NewTab: Mozilla\Firefox\Profiles\4hz6f8cz.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_5f02acf1_1201_1403_20160719_BG_ff_nt_
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4hz6f8cz.default -> Amazon
FF Homepage: Mozilla\Firefox\Profiles\4hz6f8cz.default -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\4hz6f8cz.default -> type", 0
FF Extension: (ABV Notifier) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\abvnotifier@netinfo.bg.xpi [2015-11-26]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]
FF Extension: (Add to Search Bar) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-21]
FF Extension: (Tab Badge) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\badge@darktrojan.net.xpi [2016-08-03]
FF Extension: (CLEO) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\CLEO@guid.customsoftwareconsult.com [2016-05-16]
FF Extension: (Export Bookmarks) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\export-bookmarks@toolbar.org.xpi [2016-04-27]
FF Extension: (Hide My Ass! Web Proxy) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\extension@hidemyass.com.xpi [2015-09-25]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02]
FF Extension: (Feed Sidebar) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\feedbar@efinke.com.xpi [2016-04-28]
FF Extension: (Firebug) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (Autofill) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\firefox-autofill@googlegroups.com.xpi [2016-04-28]
FF Extension: (Google Floating Search Panel) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\floatingpanel@everhelper.me.xpi [2015-05-30]
FF Extension: (Form History Control) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\formhistory@yahoo.com [2016-03-22]
FF Extension: (Xmarks) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\foxmarks@kei.com [2017-02-07]
FF Extension: (FromWhereToWhere) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\FromWhereToWhere@addons.mozilla.org.xpi [2016-04-28]
FF Extension: (Imgur Uploader) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\giorgio@gilestro.tk.xpi [2015-05-29]
FF Extension: (Greasefire) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\greasefire@skrul.com.xpi [2016-04-27]
FF Extension: (DOM Inspector) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\inspector@mozilla.org [2016-04-27]
FF Extension: (InspectThis) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\inspectthis@mackay.dyndns.info.xpi [2016-04-28]
FF Extension: (Integrated Google Calendar) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2015-10-17]
FF Extension: (Bitcoin Price Ticker) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid0-ziK34XHkBWB9ezxd4l9Q1yC7RP0@jetpack.xpi [2017-02-24]
FF Extension: (Media Converter and Muxer) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-11-29]
FF Extension: (better-youtube-subs) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi [2016-07-19]
FF Extension: (&Manage search engines& button) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2016-06-24]
FF Extension: (Reddit Enhancement Suite) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-02-20]
FF Extension: (Tabs Counter) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-z4HxJN5IfdzuoA@jetpack.xpi [2016-04-28]
FF Extension: (Multiple Tab Handler) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2016-11-18]
FF Extension: (Google Similar Images) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2016-04-28]
FF Extension: (OPIE) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\OPIE@guid.customsoftwareconsult.com.xpi [2016-05-01]
FF Extension: (Places Maintenance) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\places-maintenance@bonardo.net.xpi [2016-09-11]
FF Extension: (Print Edit) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\printedit@DW-dev.xpi [2017-02-23]
FF Extension: (Saved Password Editor) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-30]
FF Extension: (Save My Tabs) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\savemytabs@dmitriy.khudorozhkov.xpi [2016-04-28]
FF Extension: (Search in Youtube) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\searchyoutube@searchyoutube.fr.xpi [2017-02-22]
FF Extension: (Simple Clocks) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\simpleClocks@grbradt.org.xpi [2016-04-28]
FF Extension: (Stacked Inspector) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\stackedinspector@example.com.xpi [2016-04-27]
FF Extension: (Stock Research) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\stockResearch@stock.research.xpi [2016-04-28]
FF Extension: (The Addon Bar (restored)) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-04]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2017-01-30]
FF Extension: (Trader.bg) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\traderbg@jetpack.xpi [2016-05-11]
FF Extension: (Tree Style Tab) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2016-11-18]
FF Extension: (URL Lister) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\urllister@binnyva.com.xpi [2016-04-28]
FF Extension: (Resurrect Pages) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-09-16]
FF Extension: (Session Manager) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (FlashGot) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2017-02-18]
FF Extension: (New tab toolbar button) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi [2016-04-28]
FF Extension: (Stylish) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-18]
FF Extension: (FEBE) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-13]
FF Extension: (youtubecustomhomepage) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{52db74c9-f566-42f2-9cb0-e72dd97f916d}.xpi [2016-04-28]
FF Extension: (ImageGrabber) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{546d2a00-2bbf-11dc-8314-0800200c9a66}.xpi [2016-04-27]
FF Extension: (ChatZilla) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-11-10]
FF Extension: (Download Status Bar) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27]
FF Extension: (NoScript) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (FireFTP) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-02-18]
FF Extension: (Password Exporter) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
FF Extension: (Video DownloadHelper) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-02]
FF Extension: (Flash and Video Download) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-23]
FF Extension: (Web Developer) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-02-20]
FF Extension: (StockFox) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{d39a0050-191f-11df-8a39-0800200c9a66} [2016-04-28]
FF Extension: (Stock Market Quotes) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{d6b1e3fb-682a-402e-b4d4-9b8029d88314}.xpi [2016-04-28]
FF Extension: (Greasemonkey) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-02-23]
FF Extension: (Menu Editor) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2012-12-19] [not signed]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\aboutcom.xml [2013-11-10]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\amazon-search-suggestions.xml [2014-08-27]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\apple-wallet-news---google-.xml [2014-09-05]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\bitsnoop-p2p-search---217-million-valid-torrents.xml [2014-05-13]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.xml [2014-05-13]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\finviz.xml [2014-05-13]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\firefox-.xml [2014-05-13]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\firefox-add-ons.xml [2012-12-09]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\google-.xml [2015-01-04]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\images---google-.xml [2014-09-08]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\international-business-machines-corp-nyseibm-quotes--news---.xml [2014-08-18]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\introducing-your-trading-search-engine.xml [2014-08-23]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\investopedia.xml [2014-08-18]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\lifehacker.xml [2014-08-20]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\marketwatch.xml [2012-12-09]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\php-manual.xml [2015-01-02]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\quotes--info--yahoo-finance.xml [2014-08-18]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\redditcom-search-results.xml [2014-08-19]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\search---can-i-make-money---quora.xml [2014-08-24]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\search-im.xml [2012-12-09]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\thegeeks--browse.xml [2014-08-19]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\thevault--browse.xml [2015-01-02]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\torrent-search---veoble.xml [2014-08-18]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\urban-dictionary.xml [2013-12-10]
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\zelkaorg.xml [2014-09-16]
FF ProfilePath: C:\Users\nazanda\AppData\Roaming\ChatZilla\Profiles\kzibefgg.default [2017-02-23]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-02-17] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-02-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @citrixonline.com/appdetectorplugin -> C:\Users\nazanda\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\nazanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @talk.google.com/O1DPlugin -> C:\Users\nazanda\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @tools.google.com/Google Update;version=3 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @tools.google.com/Google Update;version=9 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\nazanda\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: tdameritrade.com/thinkorswim -> G:\C- Program files extention\thinkorswim\npthinkorswim.dll [2017-02-23] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: tdameritrade.com/tossc -> G:\C- Program files extention\thinkorswim\nptossc.dll [2017-02-23] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\nazanda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\nazanda\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Profile: C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Fuze on Chrome™) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcehcblfpidimbihdfophhhdejckolgh [2016-09-22]
CHR Extension: (Skype) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcehcblfpidimbihdfophhhdejckolgh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ActiveSMART Service; G:\C- Program files extention\ActiveSMART 2.96\ASmartService.exe [2029064 2014-02-02] (Ariolic Software, Ltd. (hxxp://www.ariolic.com))
R2 AdvancedSystemCareService10; D:\C programs extention\Advanced SystemCare Ultimate\ASCService.exe [1013024 2017-01-09] (IObit)
R2 ASCAntivirusSrv; D:\C programs extention\Advanced SystemCare Ultimate\ascavsvc.exe [1931552 2017-01-06] (IObit)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [277616 2012-12-14] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10242640 2017-02-09] () [File not signed]
S2 IObitUnSvr; D:\C programs extention\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2014-05-23] (Wireless) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-21] (Microsoft Corporation) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 Service KMSELDI; D:\C programs extention\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [292352 2014-02-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-18] (Western Digital Technologies, Inc.)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] () [File not signed]
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [183576 2016-10-27] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-22] (REALiX™)
U3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [85496 2017-02-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [165360 2014-07-21] (Windows ® Win 7 DDK provider)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation) [File not signed]
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12323072 2007-01-26] ()
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-02-17] ()
R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-11-02] (BitDefender S.R.L.)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-06-01] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-06-01] (ZTE)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 MFE_RR; \??\C:\Users\nazanda\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 18:34 - 2017-02-24 18:35 - 00046850 _____ C:\Users\nazanda\Downloads\FRST.txt
2017-02-24 18:34 - 2017-02-24 18:34 - 02423296 _____ (Farbar) C:\Users\nazanda\Downloads\FRST64.exe
2017-02-24 15:07 - 2017-02-24 15:09 - 00000000 ____D C:\Users\nazanda\Downloads\exodus
2017-02-24 12:33 - 2017-02-24 12:33 - 00000020 ___SH C:\Users\TEMP.nazanda-PC.023\ntuser.ini
2017-02-24 12:33 - 2017-02-24 12:33 - 00000000 _SHDL C:\Users\TEMP.nazanda-PC.023\My Documents
2017-02-24 12:33 - 2017-02-24 12:33 - 00000000 _SHDL C:\Users\TEMP.nazanda-PC.023\Documents\My Videos
2017-02-24 12:33 - 2017-02-24 12:33 - 00000000 _SHDL C:\Users\TEMP.nazanda-PC.023\Documents\My Pictures
2017-02-24 12:33 - 2017-02-24 12:33 - 00000000 _SHDL C:\Users\TEMP.nazanda-PC.023\Documents\My Music
2017-02-24 12:33 - 2017-02-24 12:33 - 00000000 ____D C:\Users\TEMP.nazanda-PC.023
2017-02-24 12:33 - 2014-02-16 02:48 - 00000000 ____D C:\Users\TEMP.nazanda-PC.023\AppData\Local\Microsoft Help
2017-02-24 12:33 - 2013-12-30 13:18 - 00000000 ____D C:\Users\TEMP.nazanda-PC.023\AppData\Roaming\Macromedia
2017-02-24 12:33 - 2010-11-21 09:16 - 00000000 ____D C:\Users\TEMP.nazanda-PC.023\AppData\Roaming\Media Center Programs
2017-02-24 12:32 - 2017-02-24 12:33 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-02-24 00:16 - 2017-02-24 00:16 - 00000000 ____D C:\Windows\CheckSur
2017-02-23 13:23 - 2017-02-23 13:23 - 00000000 ____D C:\Users\nazanda\Documents\Security
2017-02-23 12:48 - 2017-02-23 12:48 - 00003382 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-02-23 12:48 - 2017-02-23 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-02-23 12:48 - 2010-12-06 04:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2017-02-23 08:05 - 2017-02-23 12:50 - 00000000 ____D C:\Users\nazanda\AppData\Roaming\ProductData
2017-02-22 23:57 - 2016-10-27 13:54 - 00183576 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2017-02-22 23:55 - 2017-02-24 12:34 - 00000000 ____D C:\Users\nazanda\AppData\LocalLow\uTorrent
2017-02-22 22:58 - 2017-02-24 12:39 - 00002894 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (nazanda)
2017-02-22 22:58 - 2017-02-22 22:59 - 00002280 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-02-22 22:58 - 2017-02-22 22:58 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-22 22:58 - 2017-02-22 22:58 - 00003262 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-02-22 22:58 - 2017-02-22 22:58 - 00000000 ____D C:\Windows\IObit
2017-02-22 22:58 - 2017-02-22 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-22 16:56 - 2017-02-22 16:56 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-02-22 16:56 - 2017-02-22 16:56 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-22 16:56 - 2016-11-02 19:11 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-02-22 16:55 - 2017-02-23 13:11 - 00000000 ____D C:\ProgramData\ProductData
2017-02-22 16:55 - 2017-02-23 00:29 - 00001139 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate 10.lnk
2017-02-22 16:55 - 2017-02-22 16:57 - 00003036 _____ C:\Windows\System32\Tasks\ASCU10_PerformanceMonitor
2017-02-22 16:55 - 2017-02-22 16:57 - 00000000 ____D C:\Users\nazanda\AppData\LocalLow\IObit
2017-02-22 16:55 - 2017-02-22 16:55 - 00002902 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_nazanda
2017-02-22 16:55 - 2017-02-22 16:55 - 00002880 _____ C:\Windows\System32\Tasks\ASCU10_SkipUac_nazanda
2017-02-22 16:55 - 2017-02-22 16:55 - 00000918 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-02-22 16:55 - 2017-02-22 16:55 - 00000918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-02-22 16:55 - 2017-02-22 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-02-22 16:55 - 2017-02-22 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
2017-02-22 16:55 - 2017-02-22 16:55 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2017-02-22 16:55 - 2017-02-22 16:55 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2017-02-22 16:54 - 2017-02-23 00:25 - 00000000 ____D C:\Users\nazanda\AppData\Roaming\IObit
2017-02-22 16:54 - 2017-02-23 00:25 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-22 16:54 - 2017-02-22 23:56 - 00000000 ____D C:\ProgramData\IObit
2017-02-22 16:21 - 2016-07-22 16:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-22 16:21 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-21 17:30 - 2017-02-21 17:30 - 00000719 _____ C:\Users\Public\Desktop\Reprofiler.lnk
2017-02-21 16:20 - 2017-02-21 16:21 - 00000266 _____ C:\Users\nazanda\Desktop\bitcoin.txt
2017-02-20 18:09 - 2017-02-21 00:15 - 00000000 ____D C:\Users\nazanda\AppData\Roaming\Audacity
2017-02-20 18:09 - 2017-02-20 18:09 - 00000719 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-02-20 18:09 - 2017-02-20 18:09 - 00000719 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-02-20 17:59 - 2017-02-20 17:59 - 24210616 _____ (Audacity Team ) C:\Users\nazanda\Downloads\audacity-win-2.1.0.exe
2017-02-20 11:28 - 2017-02-22 23:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-20 11:27 - 2017-02-20 11:27 - 55566792 _____ (Malwarebytes ) C:\Users\nazanda\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-20 04:59 - 2017-02-20 04:59 - 00000000 ____D C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-02-20 04:40 - 2017-02-20 04:40 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-02-18 01:35 - 2017-02-18 01:35 - 00000610 _____ C:\Users\nazanda\Desktop\84.txt
2017-02-18 00:07 - 2017-02-18 00:07 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-17 21:17 - 2017-02-17 21:17 - 00001831 _____ C:\config.ini
2017-02-17 21:17 - 2017-02-17 21:17 - 00000000 ____D C:\Quarantine
2017-02-17 21:13 - 2017-02-17 21:13 - 00004304 _____ C:\Users\nazanda\Desktop\Untitled231312.jpeg
2017-02-17 20:59 - 2017-02-17 20:59 - 00011303 _____ C:\Users\nazanda\Desktop\JRT.txt
2017-02-17 20:16 - 2016-08-16 19:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-17 20:16 - 2016-08-16 04:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-17 20:16 - 2016-08-16 04:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-17 20:16 - 2016-08-12 18:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-17 20:16 - 2016-08-12 18:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-17 20:16 - 2016-08-12 18:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-17 20:16 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-02-17 20:16 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-02-17 20:16 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-02-17 20:16 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-02-17 20:16 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-02-17 20:16 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-02-17 20:16 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-02-17 20:16 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-02-17 20:16 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-02-17 20:16 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-02-17 20:16 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-02-17 20:16 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-02-17 20:16 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-02-17 20:16 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-02-17 20:16 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-02-17 20:16 - 2015-12-08 23:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-02-17 20:16 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-02-17 20:16 - 2015-12-08 21:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-02-17 20:16 - 2015-12-08 21:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-02-17 20:16 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-17 20:16 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-17 20:16 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-17 20:16 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-02-17 20:16 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-02-17 20:16 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-02-17 20:16 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-02-17 20:16 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-02-17 20:15 - 2016-09-12 23:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-17 20:15 - 2016-09-12 23:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-17 20:15 - 2016-09-09 17:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-17 20:15 - 2016-07-07 17:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-17 20:15 - 2016-07-07 17:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-17 20:15 - 2016-07-07 17:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-17 20:15 - 2016-07-07 17:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-17 20:15 - 2016-07-01 17:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-17 20:15 - 2016-07-01 17:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-17 20:15 - 2016-07-01 17:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-17 20:15 - 2016-07-01 17:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-17 20:15 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-17 20:15 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-17 20:15 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-02-17 20:15 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-02-17 20:15 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-02-17 20:15 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-17 20:15 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-02-17 20:15 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-02-17 20:15 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-02-17 20:15 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-02-17 20:15 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-02-14 04:58 - 2014-02-14 05:47 - 0000096 _____ () C:\Users\nazanda\AppData\Roaming\Camdata.ini
2014-02-14 04:58 - 2014-02-14 05:47 - 0000408 _____ () C:\Users\nazanda\AppData\Roaming\CamLayout.ini
2014-02-14 04:58 - 2014-02-14 05:47 - 0000408 _____ () C:\Users\nazanda\AppData\Roaming\CamShapes.ini
2014-02-14 04:58 - 2014-02-14 05:47 - 0004535 _____ () C:\Users\nazanda\AppData\Roaming\CamStudio.cfg
2014-02-14 03:24 - 2014-02-14 05:47 - 0000096 _____ () C:\Users\nazanda\AppData\Roaming\version2.xml
2015-01-03 10:05 - 2015-01-03 10:05 - 0000038 ___SH () C:\Users\nazanda\AppData\Local\19586887405102195a546766.13213362
2015-02-09 22:40 - 2015-02-09 22:40 - 0178814 _____ () C:\Users\nazanda\AppData\Local\67A2DA49_stp.CIS
2015-02-09 22:40 - 2015-02-09 22:40 - 0000266 _____ () C:\Users\nazanda\AppData\Local\67A2DA49_stp.CIS.part
2015-02-09 22:40 - 2015-02-09 22:40 - 0000199 _____ () C:\Users\nazanda\AppData\Local\694C50D0_stp.EXE.part
2013-07-24 05:51 - 2016-03-07 05:55 - 0022528 _____ () C:\Users\nazanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-02 19:19 - 2017-02-14 05:15 - 0007624 _____ () C:\Users\nazanda\AppData\Local\resmon.resmoncfg
2014-11-02 21:14 - 2014-11-02 21:14 - 0000000 _____ () C:\Users\nazanda\AppData\Local\{C983F4B3-A10B-4961-917E-BC589260A01A}

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\authui.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 07:03

==================== End of FRST.txt ============================



#4 raror

Posted 24 February 2017 - 12:48 PM

more

Attached Files



#5 nasdaq

Posted 25 February 2017 - 09:18 AM

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) D:\C programs extention\KMSpico\Service_KMS.exe
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Zoom] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js [2017-02-23]
FF Extension: (youtubecustomhomepage) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{52db74c9-f566-42f2-9cb0-e72dd97f916d}.xpi [2016-04-28]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
R2 Service KMSELDI; D:\C programs extention\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 MFE_RR; \??\C:\Users\nazanda\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
Task: {6682EF0E-E3A2-4939-90F5-7D72353E4655} - System32\Tasks\{C72B4C42-5F25-4AA7-98D7-DA3529824E33} => pcalua.exe -a "F:\firefox downloads\firefox 01 22 2014\jxpiinstall(1).exe" -d "F:\firefox downloads\firefox 01 22 2014"
Task: {E9B5664F-C92A-44B3-98AA-8E882CD9F5E8} - System32\Tasks\AutoPico Daily Restart => D:\C programs extention\KMSpico\AutoPico.exe [2015-11-01] (@ByELDI)
AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A [122]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [153]
FirewallRules: [{D6E59578-35D8-4264-973D-F06EFB542A17}] => (Allow) D:\C programs extention\KMSpico\Service_KMS.exe
FirewallRules: [{B6EA663D-9736-4D3F-8010-897251BC9B91}] => (Allow) D:\C programs extention\KMSpico\Service_KMS.exe
D:\C programs extention\KMSpico
C:\Windows\SysWOW64\authui.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#6 raror

Posted 26 February 2017 - 08:24 AM

A friend told me to install and allow this kms program


#7 nasdaq

Posted 26 February 2017 - 09:39 AM

Why?

Edited by nasdaq, 26 February 2017 - 09:40 AM.


#8 raror

Posted 26 February 2017 - 10:20 AM

apparently i was getting some error from windows, he said this would fix it

he also suggested the iobit antivir is the best one to use and

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

this could be one of the changes iobit made?

FF user.js: detected! => C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js [2017-02-23]

what's that in my firefox profile?

FF Extension: (youtubecustomhomepage) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{52db74c9-f566-42f2-9cb0-e72dd97f916d}.xpi [2016-04-28]

i like youtube customhomepage

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

don't remember this one though, ff plugin for microsoft

is this why i keep getting this licence reminder when i think this copy is all legit cuz i got it from the guy that built my computer i think, cuz i don't even have a cd on this, so i don't remember installing windows with a usb

btw, now that i did your fix, a lot of my jumplists are gone? what happened do you think?

Also, i got logged out of my accounts on chrome?


Edited by raror, 26 February 2017 - 10:52 AM.


#9 nasdaq

Posted 27 February 2017 - 07:42 AM


KMSpico
apparently i was getting some error from windows, he said this would fix it

Not correct. You are or were using Microsoft products without valid keys. We do not support that.
===

is this why i keep getting this licence reminder when i think this copy is all legit cuz i got it from the guy that built my computer i think
Yes.
http://kmspi.co/
---

The other changes I made I would do on my own computer.
They are not required.

===

a lot of my jumplists are gone

Jumplists are from your most recent documents.
The cleanup removed them.
They should return once you visit the sites.

===

What is wrong with Chrome?

#10 raror

Posted 28 February 2017 - 05:53 AM

i logged out, out of all the accounts, i guess you cleared the cookies. i'm just mentioning it to you so you know, cuz i didn't know the fix would do that.

jumplists, like folder jumplists? what sites? all of them are gone, the notepad ones, the excel ones, the windows explorer ones



#11 nasdaq

Posted 28 February 2017 - 09:30 AM


To tell you the truth, you are the first one telling me that the items in the jumplist are gone.

It may be a new function of the Farbar fix when the temporary files are deleted. I will have to check it later.

The list can be recreated.
How to:
http://www.k2e.com/tech-update/tips/168-pinning-a-folder-to-the-explorer-jump-list-in-windows-7
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



