Keep seeing pop-ups and linkis are redirected


  • This topic is locked
7 replies to this topic

#1 YassineStevie

YassineStevie

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:39 AM

Posted 09 April 2017 - 12:57 PM

Hey guys, earlier this week I tried to download an activator for my Windows, and during the process I'm sure I downloaded malware/a virus within the file. Now I keep getting redirected and getting pop-ups, as well as my Windows Defender is disabled and I'm not able to re-activate it again. I have followed the steps from the guide.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Yassine (administrator) on YASSINE (09-04-2017 12:43:11)
Running from F:\Users\Yassine\Downloads
Loaded Profiles: Yassine (Available Profiles: Yassine)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) F:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) F:\Windows\System32\rundll32.exe
() F:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Digital Wave Ltd.) F:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hola Networks Ltd.) F:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) F:\Program Files\Hola\app\hola_updater.exe
(AnchorFree Inc.) F:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(UASSOFT.COM) F:\Program Files (x86)\5-button mouse\KMWDSrv.exe
(NVIDIA Corporation) F:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) F:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() F:\Windows\Temp\g74A4.tmp.exe
() F:\Windows\System32\PnkBstrA.exe
(Razer Inc.) F:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() F:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Rosetta Stone Ltd.) F:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(TorrentsTime) F:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
(Popcorn Time) F:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) F:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Hewlett-Packard Development Company, LP) F:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) F:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) F:\Users\Yassine\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Spotify Ltd) F:\Users\Yassine\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) F:\Users\Yassine\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) F:\Users\Yassine\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) F:\Users\Yassine\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) F:\Windows\System32\rundll32.exe
(Microsoft Corporation) F:\Windows\SysWOW64\rundll32.exe
() F:\Users\Yassine\AppData\Local\Ucggmedia\Windows_Activaton.exe
(Microsoft Corporation) F:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) F:\Windows\System32\regsvr32.exe
(Microsoft Corporation) F:\Windows\SysWOW64\regsvr32.exe
(Razer Inc.) F:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Wondershare) F:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) F:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(UASSOFT.COM) F:\Program Files (x86)\5-button mouse\StartAutorun.exe
(UASSOFT.COM) F:\Program Files (x86)\5-button mouse\KMCONFIG.exe
(Microsoft Corporation) F:\Windows\System32\dllhost.exe
() F:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(UASSOFT.COM) F:\Program Files (x86)\5-button mouse\KMProcess.exe
(Razer, Inc.) F:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) F:\Users\Yassine\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Innovative Digital Technologies) F:\Users\Yassine\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Innovative Digital Technologies) F:\Users\Yassine\AppData\Roaming\ACEStream\engine\ace_engine.exe
() F:\Windows\Temp\g72ED.tmp.exe
() F:\Users\Yassine\AppData\Roaming\ACEStream\updater\ace_update.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\nacl64.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\nacl64.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) F:\Users\Yassine\AppData\Roaming\BitTorrent\updates\7.9.9_43389.exe
(BitTorrent Inc.) F:\Users\Yassine\AppData\Roaming\BitTorrent\updates\updates\7.9.9_43389\bittorrentie.exe
(BitTorrent Inc.) F:\Users\Yassine\AppData\Roaming\BitTorrent\updates\updates\7.9.9_43389\bittorrentie.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) F:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) F:\Windows\System32\Taskmgr.exe
(Piriform Ltd) F:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) F:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) F:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) F:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) F:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => F:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "F:\Windows\system32\rundll32.exe" F:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => F:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [hola] => F:\Program Files\Hola\app\hola.exe [2168416 2017-02-22] (Hola Networks Ltd.) <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => F:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => F:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [HP Software Update] => F:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [KMCONFIG] => "F:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe
HKLM\...\RunOnce: [YASSINE] => F:\Windows\TEMP\g74A4.tmp.exe [173568 2017-04-08] () <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [DAEMON Tools Lite Automount] => F:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [CCleaner Monitoring] => F:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Google Update] => F:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-01] (Google Inc.)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [AceStream] => F:\Users\Yassine\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2017-03-20] (Innovative Digital Technologies)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [GoogleChromeAutoLaunch_2932DCEFB9C67AD9BBDD306A0B96BD18] => F:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Skype] => F:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [HP ENVY 4520 series (NET)] => F:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Spotify Web Helper] => F:\Users\Yassine\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Spotify] => F:\Users\Yassine\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Discord] => F:\Users\Yassine\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [eidstc] => rundll32.exe "F:\Users\Yassine\AppData\Local\eidstc.dll",eidstc <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Ucggmedia] => F:\Users\Yassine\AppData\Local\Ucggmedia\Windows_Activaton.exe [292400 2017-03-20] ()
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Usrwmedia] => F:\Windows\SysWOW64\regsvr32.exe F:\Users\Yassine\AppData\Local\Ucggmedia\qdgqaqnx.dll <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [YwngPack] => regsvr32.exe F:\Users\Yassine\AppData\Local\YwngPack\bknsahmx.dll <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\MountPoints2: {31ffb564-36c4-11e5-824f-e03f49ae4a87} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\MountPoints2: {4e2b2589-8b16-11e5-828b-e03f49ae4a87} - "D:\setup_hollow_knight_1.0.0.5_(10092).exe"
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\MountPoints2: {cfd51830-ff2c-11e5-82bd-e03f49ae4a87} - "D:\Setup.exe"
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> F:\Windows\system32\lol.scr

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CCD39854-1B72-4294-BCC6-5E74E56DBE91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{CCD39854-1B72-4294-BCC6-5E74E56DBE91}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D9ED4A53-3666-49D4-BBF7-76255759F6DE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EA4C395D-1878-4CA8-8223-4CC85B2173E7}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.daum.net/
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: F:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\lgrbha3z.default-1491759577949 [2017-04-09]
FF HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - F:\Users\Yassine\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - F:\Users\Yassine\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> F:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> F:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> F:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> F:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> F:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> F:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> F:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-02-16] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-02-16] (Hola)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @acestream.net/acestreamplugin,version=3.1.2 -> F:\Users\Yassine\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-31] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @hola.org/FlashPlayer -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-02-16] ()
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @hola.org/vlc -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-02-16] (Hola)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @talk.google.com/GoogleTalkPlugin -> F:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @talk.google.com/O1DPlugin -> F:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @tools.google.com/Google Update;version=3 -> F:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @tools.google.com/Google Update;version=9 -> F:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: torrents-time.com/TTPlugin -> F:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
FF Plugin ProgramFiles/Appdata: F:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: F:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: F:\Users\Yassine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: F:\Users\Yassine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.ca/
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default [2017-04-09]
CHR Extension: (Google Slides) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-05]
CHR Extension: (Magic Actions for YouTube™) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-04-08]
CHR Extension: (Google Docs) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-05]
CHR Extension: (Google Drive) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-05]
CHR Extension: (ImprovedTube - YouTube Extension) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2017-04-04]
CHR Extension: (Google Cast) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-30]
CHR Extension: (Videostream for Google Chromecast™) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-03-29]
CHR Extension: (High Contrast) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-11-08]
CHR Extension: (Adobe Acrobat) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Video Downloader professional) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-05]
CHR Extension: (Google Sheets) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-05]
CHR Extension: (Google Docs Offline) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (AdBlock) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-08]
CHR Extension: (Unlimited Free VPN - Hola) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-04-09]
CHR Extension: (Grammarly for Chrome) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-04-08]
CHR Extension: (Reddit Enhancement Suite) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (Google Hangouts) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-15]
CHR Extension: (Fiery Horse chrome Theme) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp [2017-02-04]
CHR Extension: (Chrome Web Store Payments) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Hover Zoom+) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-03-22]
CHR Extension: (Click&Clean App) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-04-01]
CHR Extension: (Gmail) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-05]
CHR Extension: (Chrome Media Router) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-577004517-2011418438-2702626766-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-577004517-2011418438-2702626766-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) Operadeveloper - F:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; F:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 DigitalWave.Update.Service; F:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [387944 2016-05-18] (Digital Wave Ltd.)
S3 Disc Soft Lite Bus Service; F:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; F:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 hola_svc; F:\Program Files\Hola\app\hola_svc.exe [5622368 2017-02-22] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; F:\Program Files\Hola\app\hola_updater.exe [5622368 2017-02-22] (Hola Networks Ltd.) <==== ATTENTION
R2 hshld; F:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2757752 2016-06-28] (AnchorFree Inc.)
S3 HssTrayService; F:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-06-28] ()
R2 KMWDSERVICE; F:\Program Files (x86)\5-button mouse\KMWDSrv.exe [201216 2009-10-08] (UASSOFT.COM) [File not signed]
S3 npggsvc; F:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; F:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-04-06] (Electronic Arts)
S2 Origin Web Helper Service; F:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-04-06] (Electronic Arts)
R2 PnkBstrA; F:\Windows\system32\PnkBstrA.exe [76152 2016-03-05] ()
R2 PnkBstrA; F:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-29] ()
R2 Razer Chroma SDK Service; F:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-02-01] (Razer Inc.)
R2 Razer Game Scanner Service; F:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 TTService; F:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3278336 2017-01-27] (TorrentsTime) [File not signed]
S3 TunngleService; F:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
R2 Update service; F:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; F:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; F:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; F:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 dg_ssudbus; F:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; F:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-14] (Disc Soft Ltd)
S3 Hamachi; F:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-04-05] (LogMeIn Inc.)
S3 LcUvcUpper; F:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
S3 LGJoyXlCore; F:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LifeCamTrueColor; F:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37936 2016-07-27] (Microsoft Corporation)
U3 mfeavfk01; no ImagePath
R3 NvStreamKms; F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; F:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RtlWlanu; F:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation                           )
R3 rzendpt; F:\Windows\System32\drivers\rzendpt.sys [51224 2016-05-12] (Razer Inc)
R3 rzmpos; F:\Windows\System32\drivers\rzmpos.sys [47640 2016-05-12] (Razer Inc)
R2 rzpmgrk; F:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; F:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 sshid; F:\Windows\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
S3 ssudmdm; F:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; F:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 tap0901t; F:\Windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
R3 taphss6; F:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-09-18] (Anchorfree Inc.)
S3 USBAAPL64; F:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 VBAudioVMVAIOMME; F:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-08-11] (Windows ® Win 7 DDK provider)
S3 WdBoot; F:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; F:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdm_usb; F:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; F:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; F:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S0 mferkdet; system32\drivers\mferkdet.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\F:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 12:43 - 2017-04-09 12:43 - 00035078 _____ F:\Users\Yassine\Downloads\FRST.txt
2017-04-09 12:42 - 2017-04-09 12:43 - 00000000 ____D F:\FRST
2017-04-09 12:42 - 2017-04-09 12:42 - 02424832 _____ (Farbar) F:\Users\Yassine\Downloads\FRST64.exe
2017-04-09 12:39 - 2017-04-09 12:39 - 00000000 ____D F:\Users\Yassine\Desktop\Old Firefox Data
2017-04-09 12:38 - 2017-04-09 12:38 - 02030536 _____ (Bleeping Computer, LLC) F:\Users\Yassine\Downloads\rkill.com
2017-04-09 12:38 - 2017-04-09 12:38 - 02030536 _____ (Bleeping Computer, LLC) F:\Users\Yassine\Downloads\rkill (1).com
2017-04-08 23:36 - 2017-04-08 23:36 - 00000000 ____D F:\Users\Yassine\AppData\LocalLow\BitTorrent
2017-04-08 15:19 - 2017-04-08 15:19 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\McAfee
2017-04-08 15:17 - 2017-04-08 15:23 - 00000000 ____D F:\Program Files (x86)\McAfee
2017-04-08 15:17 - 2017-04-08 15:17 - 00185280 _____ (McAfee, Inc.) F:\Windows\system32\mfevtps.exe.1a52.deleteme
2017-04-08 15:17 - 2017-04-08 15:17 - 00121896 _____ (McAfee, Inc.) F:\Windows\system32\MfeOtlkAddin.dll
2017-04-08 15:17 - 2017-04-08 15:17 - 00094080 _____ (McAfee, Inc.) F:\Windows\SysWOW64\MfeOtlkAddin.dll
2017-04-08 15:17 - 2017-04-08 15:17 - 00025088 _____ (McAfee, Inc.) F:\Windows\SysWOW64\MFEOtlk.dll
2017-04-08 15:17 - 2017-04-08 15:17 - 00000000 ____D F:\Program Files\Common Files\McAfee
2017-04-08 14:10 - 2017-04-08 14:10 - 01611944 _____ (Secure Download Ltd. ) F:\Users\Yassine\Downloads\windows_reg_ac
2017-04-08 14:10 - 2017-04-08 14:10 - 00000000 ____D F:\Users\Yassine\AppData\Local\YwngPack
2017-04-08 14:10 - 2017-04-08 14:10 - 00000000 ____D F:\Users\Yassine\AppData\Local\Ucggmedia
2017-04-08 14:09 - 2017-04-08 14:09 - 00016710 _____ F:\Windows\System32\Tasks\2369e27l47n3966
2017-04-08 14:09 - 2017-04-08 14:09 - 00000000 ___HD F:\ProgramData\2369e27l47n3966
2017-04-08 14:09 - 2017-04-08 14:09 - 00000000 ____D F:\Users\Yassine\AppData\Local\AnonymizerLauncher
2017-04-08 14:09 - 2017-04-08 14:09 - 00000000 ____D F:\Users\Yassine\.proxycheck
2017-04-08 14:09 - 2017-04-08 14:09 - 00000000 ____D F:\Users\Yassine\.AnonymizerLauncher
2017-04-08 14:08 - 2017-04-08 14:08 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\AGData
2017-04-08 14:08 - 2017-04-08 14:08 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-04-08 14:07 - 2017-04-08 14:41 - 00000000 ____D F:\Program Files (x86)\AnonymizerGadget
2017-04-08 14:07 - 2017-04-08 14:07 - 00014336 _____ F:\Users\Yassine\AppData\Local\eidstc.dll
2017-04-08 14:07 - 2017-04-08 14:07 - 00002048 _____ F:\Users\Yassine\AppData\Local\uninstallro.exe
2017-04-08 14:05 - 2017-04-08 14:10 - 00000000 ____D F:\Program Files (x86)\Microsoft Toolkit Final
2017-04-08 14:05 - 2017-04-08 14:05 - 00003544 _____ F:\Windows\System32\Tasks\PPI Update
2017-04-08 13:40 - 2017-04-08 13:42 - 06993348 _____ F:\Users\Yassine\Downloads\Microsoft Toolkit Final pass 123456.rar
2017-04-08 13:36 - 2017-04-08 13:36 - 30533688 _____ F:\Users\Yassine\Downloads\Microsoft Toolkit 2.5.3 [1].exe
2017-04-08 13:35 - 2017-04-08 13:35 - 01220976 _____ (Dad ) F:\Users\Yassine\Downloads\Microsoft Toolkit 2.5.3.exe
2017-04-07 12:43 - 2017-04-07 12:43 - 00018744 _____ F:\Users\Yassine\Downloads\CCB_notice_2017_02_27_15_31_36_066761.pdf
2017-04-07 12:41 - 2017-04-07 12:41 - 00797637 _____ F:\Users\Yassine\Downloads\supportingdocuments.zip
2017-04-07 12:39 - 2017-04-07 12:44 - 00000000 ____D F:\Users\Yassine\Desktop\New folder (4)
2017-04-06 10:03 - 2017-04-06 10:03 - 03990318 _____ F:\Users\Yassine\Downloads\Override (10).zip
2017-04-05 14:15 - 2017-04-05 14:16 - 202891484 _____ F:\Users\Yassine\Desktop\New ModsPack.zip
2017-04-05 13:58 - 2017-04-05 13:59 - 04055856 _____ F:\Users\Yassine\Downloads\Override (9).zip
2017-04-05 13:33 - 2017-04-05 13:33 - 42392486 _____ F:\Users\Yassine\Downloads\MP_MODSPACK (1).zip
2017-04-03 15:16 - 2017-04-03 15:16 - 00000000 ____D F:\Windows\LastGood.Tmp
2017-03-30 15:53 - 2017-03-30 15:53 - 00031412 _____ F:\Users\Yassine\Desktop\Pre-authorized Payment.pdf
2017-03-28 17:02 - 2017-03-28 17:02 - 00017328 _____ F:\Users\Yassine\Downloads\Artist Houtengeki (方天戟) [Pixiv 93360] (2017-03-27).zip.torrent
2017-03-26 10:06 - 2017-03-26 10:11 - 103725042 _____ F:\Users\Yassine\Downloads\Barca vs PSG 6-1 .mp4
2017-03-25 20:01 - 2017-03-25 20:01 - 04055875 _____ F:\Users\Yassine\Downloads\رواية زوجتى من الجن كامله.pdf
2017-03-24 14:41 - 2017-03-24 14:41 - 01607643 _____ F:\Users\Yassine\Downloads\1490223556841.webm
2017-03-21 09:42 - 2017-03-21 09:42 - 00139187 _____ F:\Users\Yassine\Downloads\Mods (2).zip
2017-03-21 09:29 - 2017-03-21 09:29 - 00106912 _____ F:\Users\Yassine\Downloads\Mods (1).zip
2017-03-21 09:25 - 2017-03-21 09:25 - 03815987 _____ F:\Users\Yassine\Downloads\Override (8).zip
2017-03-21 09:23 - 2017-03-21 09:23 - 39169047 _____ F:\Users\Yassine\Downloads\Mods 2.zip
2017-03-20 14:55 - 2017-03-20 15:04 - 00000000 ____D F:\Users\Yassine\Desktop\rent papers
2017-03-20 14:42 - 2017-03-20 14:42 - 00440724 _____ F:\Users\Yassine\Desktop\Police Check.pdf
2017-03-20 14:41 - 2017-03-20 14:41 - 00440724 _____ F:\Users\Yassine\Documents\Police Check.pdf
2017-03-19 15:22 - 2017-03-19 15:22 - 03735948 _____ F:\Users\Yassine\Downloads\Override (7).zip
2017-03-19 15:15 - 2017-03-19 15:15 - 01286216 _____ F:\Users\Yassine\Downloads\DLL - Various Mod Components (v 88).civ5mod
2017-03-19 06:25 - 2017-04-05 13:33 - 00000000 ____D F:\Users\Yassine\Desktop\MP_MODSPACK
2017-03-19 05:51 - 2017-03-19 05:51 - 03916811 _____ F:\Users\Yassine\Downloads\Override (6).zip
2017-03-19 05:49 - 2017-03-19 05:49 - 42077877 _____ F:\Users\Yassine\Downloads\MP_MODSPACK_VP_3-7(No_EUI).7z
2017-03-19 05:39 - 2017-03-19 05:39 - 01139172 _____ F:\Users\Yassine\Downloads\Sukritact's Suzerainty (v 1).7z
2017-03-18 06:22 - 2017-03-18 06:22 - 00124793 _____ F:\Users\Yassine\Downloads\More Luxuries Deluxe - Addon (v 100).zip
2017-03-17 12:49 - 2017-03-17 12:49 - 03719942 _____ F:\Users\Yassine\Downloads\Override (5).zip
2017-03-17 12:40 - 2017-03-17 12:40 - 06009845 _____ F:\Users\Yassine\Downloads\More Luxuries (v 155).zip
2017-03-17 12:24 - 2017-03-17 12:24 - 03707580 _____ F:\Users\Yassine\Downloads\More Luxuries (v 155).civ5mod
2017-03-17 12:16 - 2017-03-17 12:17 - 17670008 _____ F:\Users\Yassine\Downloads\Sukritacts Edifice Pack (v 1).civ5mod
2017-03-17 12:16 - 2017-03-17 12:16 - 00909086 _____ F:\Users\Yassine\Downloads\[TES Wonders] Skyrim - College of Winterhold (v 1).civ5mod
2017-03-17 12:16 - 2017-03-17 12:16 - 00344194 _____ F:\Users\Yassine\Downloads\Sukritacts Edifices (v 1).civ5mod
2017-03-17 12:15 - 2017-03-17 12:15 - 00578283 _____ F:\Users\Yassine\Downloads\[TES Wonders] Skyrim - Bards College (v 1).civ5mod
2017-03-17 12:14 - 2017-03-17 12:14 - 01072360 _____ F:\Users\Yassine\Downloads\Atlantean Civilization (v 1).civ5mod
2017-03-17 12:14 - 2017-03-17 12:14 - 00768211 _____ F:\Users\Yassine\Downloads\[TES Wonders] Skyrim - Dragonsreach (v 1).civ5mod
2017-03-17 12:10 - 2017-03-17 12:10 - 123207086 _____ F:\Users\Yassine\Downloads\Archive-9452.zip
2017-03-17 11:05 - 2017-03-17 11:05 - 04074723 _____ F:\Users\Yassine\Downloads\Override (4).zip
2017-03-17 09:34 - 2017-03-17 09:34 - 00233403 _____ F:\Users\Yassine\Downloads\Future Tech Does Something Beyond Score Increasing Mod (v 1).civ5mod
2017-03-16 17:17 - 2017-03-16 17:17 - 00746088 _____ F:\Users\Yassine\Downloads\profile.htm
2017-03-16 17:17 - 2017-03-16 17:17 - 00575684 _____ F:\Users\Yassine\Downloads\download (3).htm
2017-03-15 04:00 - 2017-03-15 04:00 - 01040850 _____ F:\Users\Yassine\Downloads\download (2).htm
2017-03-15 04:00 - 2017-03-15 04:00 - 00511730 _____ F:\Users\Yassine\Downloads\download (1).htm
2017-03-15 02:06 - 2017-03-15 02:06 - 00079917 _____ F:\Users\Yassine\Desktop\Benefit Summary Family.pdf
2017-03-14 20:32 - 2017-03-04 03:01 - 00576512 _____ (Microsoft Corporation) F:\Windows\system32\vbscript.dll
2017-03-14 20:32 - 2017-03-04 02:59 - 02895360 _____ (Microsoft Corporation) F:\Windows\system32\iertutil.dll
2017-03-14 20:32 - 2017-03-04 02:48 - 25746944 _____ (Microsoft Corporation) F:\Windows\system32\mshtml.dll
2017-03-14 20:32 - 2017-03-04 02:45 - 00114688 _____ (Microsoft Corporation) F:\Windows\system32\ieetwcollector.exe
2017-03-14 20:32 - 2017-03-04 02:44 - 00817664 _____ (Microsoft Corporation) F:\Windows\system32\jscript.dll
2017-03-14 20:32 - 2017-03-04 02:31 - 06045696 _____ (Microsoft Corporation) F:\Windows\system32\jscript9.dll
2017-03-14 20:32 - 2017-03-04 02:05 - 01033216 _____ (Microsoft Corporation) F:\Windows\system32\inetcomm.dll
2017-03-14 20:32 - 2017-03-04 01:54 - 00806912 _____ (Microsoft Corporation) F:\Windows\system32\msfeeds.dll
2017-03-14 20:32 - 2017-03-04 01:26 - 15259648 _____ (Microsoft Corporation) F:\Windows\system32\ieframe.dll
2017-03-14 20:32 - 2017-03-04 01:25 - 03241984 _____ (Microsoft Corporation) F:\Windows\system32\wininet.dll
2017-03-14 20:32 - 2017-03-04 01:12 - 01545728 _____ (Microsoft Corporation) F:\Windows\system32\urlmon.dll
2017-03-14 20:32 - 2017-03-04 01:02 - 00800768 _____ (Microsoft Corporation) F:\Windows\system32\ieapfltr.dll
2017-03-14 20:32 - 2017-03-03 23:18 - 20281856 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtml.dll
2017-03-14 20:32 - 2017-03-02 13:01 - 00499200 _____ (Microsoft Corporation) F:\Windows\SysWOW64\vbscript.dll
2017-03-14 20:32 - 2017-03-02 12:55 - 02287104 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iertutil.dll
2017-03-14 20:32 - 2017-03-02 12:49 - 00663552 _____ (Microsoft Corporation) F:\Windows\SysWOW64\jscript.dll
2017-03-14 20:32 - 2017-03-02 12:25 - 00880640 _____ (Microsoft Corporation) F:\Windows\SysWOW64\inetcomm.dll
2017-03-14 20:32 - 2017-03-02 12:22 - 04604416 _____ (Microsoft Corporation) F:\Windows\SysWOW64\jscript9.dll
2017-03-14 20:32 - 2017-03-02 12:19 - 00693248 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msfeeds.dll
2017-03-14 20:32 - 2017-03-02 12:11 - 13654528 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieframe.dll
2017-03-14 20:32 - 2017-03-02 11:53 - 02767360 _____ (Microsoft Corporation) F:\Windows\SysWOW64\wininet.dll
2017-03-14 20:32 - 2017-03-02 11:50 - 01312768 _____ (Microsoft Corporation) F:\Windows\SysWOW64\urlmon.dll
2017-03-14 20:32 - 2017-03-02 11:50 - 00710144 _____ (Microsoft Corporation) F:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 20:32 - 2017-02-23 09:50 - 00093360 _____ (Microsoft Corporation) F:\Windows\system32\CompatTelRunner.exe
2017-03-14 20:32 - 2017-02-22 09:35 - 01609216 _____ (Microsoft Corporation) F:\Windows\system32\appraiser.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 01286144 _____ (Microsoft Corporation) F:\Windows\system32\aeinv.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00646656 _____ (Microsoft Corporation) F:\Windows\system32\generaltel.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00556544 _____ (Microsoft Corporation) F:\Windows\system32\devinv.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00335360 _____ (Microsoft Corporation) F:\Windows\system32\invagent.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00293376 _____ (Microsoft Corporation) F:\Windows\system32\centel.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00233984 _____ (Microsoft Corporation) F:\Windows\system32\aepic.dll
2017-03-14 20:32 - 2017-02-22 09:35 - 00133632 _____ (Microsoft Corporation) F:\Windows\system32\acmigration.dll
2017-03-14 20:32 - 2017-02-11 14:25 - 00417792 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\srv.sys
2017-03-14 20:32 - 2017-02-11 00:12 - 00315392 _____ (Microsoft Corporation) F:\Windows\system32\dxtrans.dll
2017-03-14 20:32 - 2017-02-11 00:12 - 00145408 _____ (Microsoft Corporation) F:\Windows\system32\iepeers.dll
2017-03-14 20:32 - 2017-02-11 00:00 - 00262144 _____ (Microsoft Corporation) F:\Windows\system32\webcheck.dll
2017-03-14 20:32 - 2017-02-10 23:58 - 00378880 _____ (Microsoft Corporation) F:\Windows\system32\iedkcs32.dll
2017-03-14 20:32 - 2017-02-10 23:56 - 02131456 _____ (Microsoft Corporation) F:\Windows\system32\inetcpl.cpl
2017-03-14 20:32 - 2017-02-10 14:09 - 04169728 _____ (Microsoft Corporation) F:\Windows\system32\win32k.sys
2017-03-14 20:32 - 2017-02-10 00:34 - 00064000 _____ (Microsoft Corporation) F:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 20:32 - 2017-02-10 00:10 - 00076288 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mshtmled.dll
2017-03-14 20:32 - 2017-02-10 00:09 - 00128000 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iepeers.dll
2017-03-14 20:32 - 2017-02-10 00:08 - 00279040 _____ (Microsoft Corporation) F:\Windows\SysWOW64\dxtrans.dll
2017-03-14 20:32 - 2017-02-10 00:01 - 00230400 _____ (Microsoft Corporation) F:\Windows\SysWOW64\webcheck.dll
2017-03-14 20:32 - 2017-02-10 00:00 - 00330752 _____ (Microsoft Corporation) F:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 20:32 - 2017-02-09 23:59 - 02055680 _____ (Microsoft Corporation) F:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 20:32 - 2017-02-09 20:31 - 01549144 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\dxgkrnl.sys
2017-03-14 20:32 - 2017-02-09 19:12 - 01375960 _____ (Microsoft Corporation) F:\Windows\system32\gdi32.dll
2017-03-14 20:32 - 2017-02-09 10:28 - 01987584 _____ (Microsoft Corporation) F:\Windows\system32\DWrite.dll
2017-03-14 20:32 - 2017-02-09 10:19 - 01377792 _____ (Microsoft Corporation) F:\Windows\system32\FntCache.dll
2017-03-14 20:32 - 2017-02-09 10:16 - 01560064 _____ (Microsoft Corporation) F:\Windows\SysWOW64\DWrite.dll
2017-03-14 20:32 - 2017-02-09 10:16 - 01094656 _____ (Microsoft Corporation) F:\Windows\SysWOW64\gdi32.dll
2017-03-14 20:32 - 2017-02-09 09:59 - 00658432 _____ (Microsoft Corporation) F:\Windows\system32\dnsapi.dll
2017-03-14 20:32 - 2017-02-09 09:58 - 00499200 _____ (Microsoft Corporation) F:\Windows\SysWOW64\dnsapi.dll
2017-03-14 20:32 - 2017-02-09 09:58 - 00252416 _____ (Microsoft Corporation) F:\Windows\system32\dnsrslvr.dll
2017-03-14 20:32 - 2017-02-04 15:32 - 07444832 _____ (Microsoft Corporation) F:\Windows\system32\ntoskrnl.exe
2017-03-14 20:32 - 2017-02-04 15:30 - 01663184 _____ (Microsoft Corporation) F:\Windows\system32\winload.efi
2017-03-14 20:32 - 2017-02-04 15:30 - 01523216 _____ (Microsoft Corporation) F:\Windows\system32\winload.exe
2017-03-14 20:32 - 2017-02-04 15:30 - 01490128 _____ (Microsoft Corporation) F:\Windows\system32\winresume.efi
2017-03-14 20:32 - 2017-02-04 15:30 - 01358960 _____ (Microsoft Corporation) F:\Windows\system32\winresume.exe
2017-03-14 20:32 - 2017-02-04 14:32 - 00251392 _____ (Microsoft Corporation) F:\Windows\system32\microsoft-windows-system-events.dll
2017-03-14 20:32 - 2017-02-04 14:30 - 00285184 _____ (Microsoft Corporation) F:\Windows\system32\wow64.dll
2017-03-14 20:32 - 2017-02-04 13:14 - 01001472 _____ (Microsoft Corporation) F:\Windows\HelpPane.exe
2017-03-14 20:32 - 2017-02-04 12:50 - 00243712 _____ (Microsoft Corporation) F:\Windows\system32\icm32.dll
2017-03-14 20:32 - 2017-02-04 12:40 - 01754112 _____ (Microsoft Corporation) F:\Windows\system32\GdiPlus.dll
2017-03-14 20:32 - 2017-02-04 12:32 - 00584704 _____ (Microsoft Corporation) F:\Windows\system32\mscms.dll
2017-03-14 20:32 - 2017-02-04 12:17 - 00223232 _____ (Microsoft Corporation) F:\Windows\SysWOW64\icm32.dll
2017-03-14 20:32 - 2017-02-04 12:10 - 01491456 _____ (Microsoft Corporation) F:\Windows\SysWOW64\GdiPlus.dll
2017-03-14 20:32 - 2017-02-04 12:05 - 00503808 _____ (Microsoft Corporation) F:\Windows\SysWOW64\mscms.dll
2017-03-14 20:32 - 2017-01-21 16:37 - 00567152 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\cng.sys
2017-03-14 20:32 - 2017-01-21 14:27 - 00756736 _____ (Microsoft Corporation) F:\Windows\system32\adtschema.dll
2017-03-14 20:32 - 2017-01-21 14:27 - 00061952 _____ (Microsoft Corporation) F:\Windows\system32\msobjs.dll
2017-03-14 20:32 - 2017-01-21 14:22 - 00201728 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 20:32 - 2017-01-21 14:20 - 00401920 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 20:32 - 2017-01-21 13:40 - 00756736 _____ (Microsoft Corporation) F:\Windows\SysWOW64\adtschema.dll
2017-03-14 20:32 - 2017-01-21 13:40 - 00061952 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msobjs.dll
2017-03-14 20:32 - 2017-01-21 13:37 - 00445440 _____ (Microsoft Corporation) F:\Windows\system32\certcli.dll
2017-03-14 20:32 - 2017-01-21 12:58 - 00324096 _____ (Microsoft Corporation) F:\Windows\SysWOW64\certcli.dll
2017-03-14 20:32 - 2017-01-21 12:48 - 01437696 _____ (Microsoft Corporation) F:\Windows\system32\lsasrv.dll
2017-03-14 20:32 - 2017-01-14 12:49 - 00146944 _____ (Microsoft Corporation) F:\Windows\system32\wininit.exe
2017-03-14 20:32 - 2017-01-11 14:37 - 02345984 _____ (Microsoft Corporation) F:\Windows\system32\msxml3.dll
2017-03-14 20:32 - 2017-01-10 14:08 - 01549312 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msxml3.dll
2017-03-14 20:32 - 2017-01-05 13:20 - 01697792 _____ (Microsoft Corporation) F:\Windows\system32\quartz.dll
2017-03-14 20:32 - 2017-01-05 13:09 - 07076864 _____ (Microsoft Corporation) F:\Windows\system32\glcndFilter.dll
2017-03-14 20:32 - 2017-01-05 12:36 - 01501184 _____ (Microsoft Corporation) F:\Windows\SysWOW64\quartz.dll
2017-03-14 20:32 - 2017-01-05 12:29 - 05273600 _____ (Microsoft Corporation) F:\Windows\SysWOW64\glcndFilter.dll
2017-03-14 20:32 - 2017-01-05 12:13 - 07796224 _____ (Microsoft Corporation) F:\Windows\system32\Windows.Data.Pdf.dll
2017-03-14 20:32 - 2017-01-05 11:57 - 05268480 _____ (Microsoft Corporation) F:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 20:32 - 2016-11-09 14:22 - 00681472 _____ (Microsoft Corporation) F:\Windows\system32\Drivers\srv2.sys
2017-03-14 20:32 - 2016-06-03 12:11 - 00472576 _____ (Microsoft Corporation) F:\Windows\system32\pcasvc.dll
2017-03-14 00:51 - 2016-11-30 01:34 - 00028352 _____ (Microsoft Corporation) F:\Windows\SysWOW64\aspnet_counters.dll
2017-03-14 00:51 - 2016-11-30 01:27 - 00030400 _____ (Microsoft Corporation) F:\Windows\system32\aspnet_counters.dll
2017-03-14 00:51 - 2016-10-25 16:35 - 00987848 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-03-14 00:51 - 2016-10-25 16:35 - 00484552 _____ (Microsoft Corporation) F:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-03-14 00:51 - 2016-10-25 16:34 - 00993632 _____ (Microsoft Corporation) F:\Windows\system32\msvcr120_clr0400.dll
2017-03-14 00:51 - 2016-10-25 16:34 - 00690016 _____ (Microsoft Corporation) F:\Windows\system32\msvcp120_clr0400.dll
2017-03-14 00:02 - 2017-03-14 00:02 - 00000000 _____ F:\Users\Yassine\Desktop\New Text Document (6).txt
2017-03-13 07:13 - 2017-03-13 07:13 - 00176175 _____ F:\Users\Yassine\Downloads\F000501913 (4).pdf
2017-03-12 09:00 - 2017-03-12 09:00 - 00105472 _____ F:\Users\Yassine\Downloads\Rental-Application (2).xls
2017-03-10 02:53 - 2017-03-10 02:54 - 401084552 _____ F:\Users\Yassine\Downloads\gszysl.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 12:39 - 2016-11-15 20:27 - 00000000 ____D F:\Users\Yassine\AppData\LocalLow\Mozilla
2017-04-09 12:39 - 2015-08-15 23:27 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\BitTorrent
2017-04-09 11:17 - 2015-07-30 09:16 - 00003930 _____ F:\Windows\System32\Tasks\User_Feed_Synchronization-{3576E6AC-BF61-48DD-B310-351150754D86}
2017-04-09 10:49 - 2013-08-22 08:36 - 00000000 ____D F:\Windows\Inf
2017-04-09 09:30 - 2017-01-01 22:13 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Spotify
2017-04-09 06:14 - 2015-08-18 00:14 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\MPC-HC
2017-04-09 02:51 - 2015-07-30 09:04 - 00863592 _____ F:\Windows\system32\PerfStringBackup.INI
2017-04-08 23:25 - 2015-07-30 09:15 - 00003598 _____ F:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-577004517-2011418438-2702626766-1001
2017-04-08 15:32 - 2016-03-16 13:31 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\.ACEStream
2017-04-08 15:28 - 2016-12-13 05:35 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\WhatsApp
2017-04-08 15:23 - 2016-11-15 18:54 - 00000000 ____D F:\Program Files (x86)\Mozilla Firefox
2017-04-08 15:23 - 2015-12-03 06:54 - 00000000 ____D F:\ProgramData\McAfee
2017-04-08 15:23 - 2013-08-22 10:36 - 00000000 ___HD F:\Windows\ELAMBKUP
2017-04-08 15:18 - 2013-08-22 08:25 - 00262144 ___SH F:\Windows\system32\config\ELAM
2017-04-08 14:45 - 2017-01-01 22:14 - 00000000 ____D F:\Users\Yassine\AppData\Local\Spotify
2017-04-08 14:45 - 2015-07-30 09:12 - 00000000 ____D F:\ProgramData\NVIDIA
2017-04-08 14:45 - 2015-07-30 09:10 - 00000000 ___DO F:\Users\Yassine\SkyDrive
2017-04-08 14:45 - 2013-08-22 09:45 - 00000006 ____H F:\Windows\Tasks\SA.DAT
2017-04-08 14:44 - 2015-07-30 09:06 - 00000000 ____D F:\Users\Yassine
2017-04-08 14:44 - 2013-08-22 08:25 - 00262144 ___SH F:\Windows\system32\config\BBI
2017-04-08 14:42 - 2016-05-11 16:07 - 00000000 ____D F:\Program Files (x86)\Opera developer
2017-04-08 14:42 - 2016-05-11 15:58 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Opera Software
2017-04-08 14:42 - 2016-05-11 15:58 - 00000000 ____D F:\Users\Yassine\AppData\Local\Opera Software
2017-04-08 14:29 - 2015-07-30 11:50 - 04048896 ___SH F:\Users\Yassine\Desktop\Thumbs.db
2017-04-08 14:12 - 2016-01-07 05:16 - 00000000 ____D F:\Users\Yassine\AppData\Local\CrashDumps
2017-04-07 23:31 - 2016-01-01 13:41 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Skype
2017-04-07 22:09 - 2015-08-27 08:02 - 00580608 ___SH F:\Users\Yassine\Downloads\Thumbs.db
2017-04-07 13:13 - 2015-11-05 20:25 - 00000000 ____D F:\ProgramData\Origin
2017-04-07 13:10 - 2015-11-05 20:27 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Origin
2017-04-07 00:00 - 2015-08-01 04:03 - 00532136 ____N (Microsoft Corporation) F:\Windows\system32\MpSigStub.exe
2017-04-06 16:20 - 2015-11-05 20:25 - 00000000 ____D F:\Program Files (x86)\Origin
2017-04-06 13:14 - 2015-09-16 16:24 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Tunngle
2017-04-06 06:52 - 2017-01-29 18:26 - 00000000 ____D F:\ProgramData\Tunngle
2017-04-05 17:36 - 2016-04-05 01:14 - 00002218 _____ F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-04 22:26 - 2013-08-22 10:36 - 00000000 ____D F:\Windows\AppReadiness
2017-04-04 22:03 - 2015-11-17 21:22 - 00000000 ____D F:\Users\Yassine\Downloads\PopcornTime
2017-04-04 14:28 - 2016-05-14 16:21 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\discord
2017-03-29 02:46 - 2013-08-22 10:20 - 00000000 ____D F:\Windows\CbsTemp
2017-03-27 16:09 - 2015-08-15 23:28 - 00002738 _____ F:\Users\Yassine\Desktop\BitTorrent.lnk
2017-03-21 09:38 - 2016-02-15 16:02 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\obs-studio
2017-03-16 19:19 - 2013-08-22 10:36 - 00000000 ____D F:\Windows\rescache
2017-03-16 03:10 - 2013-08-22 10:36 - 00000000 ___HD F:\Program Files\WindowsApps
2017-03-16 02:58 - 2013-08-22 09:44 - 00484968 _____ F:\Windows\system32\FNTCACHE.DAT
2017-03-16 02:57 - 2015-08-03 20:34 - 00000000 ____D F:\Windows\system32\appraiser
2017-03-15 04:15 - 2016-04-03 09:45 - 00000000 ___RD F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-15 04:15 - 2015-08-01 02:58 - 00000000 ____D F:\Windows\system32\MRT
2017-03-15 04:14 - 2015-09-18 12:25 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 04:14 - 2015-08-01 02:58 - 138634176 ____C (Microsoft Corporation) F:\Windows\system32\MRT.exe
2017-03-15 04:13 - 2015-09-18 12:24 - 00000000 ____D F:\Program Files\Microsoft Silverlight
2017-03-15 04:13 - 2015-09-18 12:24 - 00000000 ____D F:\Program Files (x86)\Microsoft Silverlight
2017-03-14 16:19 - 2015-12-25 10:58 - 00004288 _____ F:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 16:19 - 2013-08-22 10:36 - 00000000 ____D F:\Windows\SysWOW64\Macromed
2017-03-14 16:19 - 2013-08-22 10:36 - 00000000 ____D F:\Windows\system32\Macromed
2017-03-12 09:02 - 2015-07-30 09:07 - 00000000 ____D F:\Users\Yassine\AppData\Local\Packages
2017-03-10 15:30 - 2016-12-13 05:35 - 00002224 _____ F:\Users\Yassine\Desktop\WhatsApp.lnk
2017-03-10 15:30 - 2016-12-13 05:35 - 00000000 ____D F:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-03-10 15:30 - 2016-12-13 05:35 - 00000000 ____D F:\Users\Yassine\AppData\Local\WhatsApp
2017-03-10 15:30 - 2015-10-30 07:11 - 00000000 ____D F:\Users\Yassine\AppData\Local\SquirrelTemp

==================== Files in the root of some directories =======

2015-03-26 06:48 - 2015-03-26 06:48 - 2174976 _____ (Advanced Micro Devices Inc.) F:\Program Files (x86)\Common Files\atimpenc.dll
2015-07-15 14:56 - 2015-08-10 17:56 - 0000010 _____ () F:\Users\Yassine\AppData\Roaming\bdopatchtime.txt
2015-08-11 19:28 - 2015-08-11 19:28 - 0002857 _____ () F:\Users\Yassine\AppData\Roaming\VoiceMeeterDefault.xml
2017-04-08 14:07 - 2017-04-08 14:07 - 0014336 _____ () F:\Users\Yassine\AppData\Local\eidstc.dll
2016-02-29 17:15 - 2016-03-05 14:29 - 0007603 _____ () F:\Users\Yassine\AppData\Local\Resmon.ResmonCfg
2017-04-08 14:07 - 2017-04-08 14:07 - 0002048 _____ () F:\Users\Yassine\AppData\Local\uninstallro.exe
2016-12-30 22:40 - 2016-12-30 22:40 - 0000057 _____ () F:\ProgramData\Ament.ini
2015-08-11 20:00 - 2015-08-11 20:00 - 0000000 ____H () F:\ProgramData\DP45977C.lfl
2015-11-22 09:22 - 2015-11-22 09:22 - 0000098 _____ () F:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
F:\Program Files\Hola\app\hola.exe
F:\Windows\TEMP\g74A4.tmp.exe


Some files in TEMP:
====================
2017-03-19 02:12 - 2017-03-19 02:12 - 0028672 _____ (Intel Corporation.) F:\Users\Yassine\AppData\Local\Temp\centroid.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

F:\Windows\system32\winlogon.exe => File is digitally signed
F:\Windows\system32\wininit.exe => File is digitally signed
F:\Windows\explorer.exe => File is digitally signed
F:\Windows\SysWOW64\explorer.exe => File is digitally signed
F:\Windows\system32\svchost.exe => File is digitally signed
F:\Windows\SysWOW64\svchost.exe => File is digitally signed
F:\Windows\system32\services.exe => File is digitally signed
F:\Windows\system32\User32.dll => File is digitally signed
F:\Windows\SysWOW64\User32.dll => File is digitally signed
F:\Windows\system32\userinit.exe => File is digitally signed
F:\Windows\SysWOW64\userinit.exe => File is digitally signed
F:\Windows\system32\rpcss.dll => File is digitally signed
F:\Windows\system32\dnsapi.dll => File is digitally signed
F:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
F:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-08 03:00

==================== End of FRST.txt ============================





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:39 AM

Posted 09 April 2017 - 02:27 PM

Hello
  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt


 
Start
CreateRestorePoint:
CloseProcesses:
(Hola Networks Ltd.) F:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) F:\Program Files\Hola\app\hola_updater.exe
(Popcorn Time) F:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM\...\Run: [hola] => F:\Program Files\Hola\app\hola.exe [2168416 2017-02-22] (Hola Networks Ltd.) <===== ATTENTION
HKLM\...\RunOnce: [YASSINE] => F:\Windows\TEMP\g74A4.tmp.exe [173568 2017-04-08] () <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [eidstc] => rundll32.exe "F:\Users\Yassine\AppData\Local\eidstc.dll",eidstc <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Usrwmedia] => F:\Windows\SysWOW64\regsvr32.exe F:\Users\Yassine\AppData\Local\Ucggmedia\qdgqaqnx.dll <===== ATTENTION
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [YwngPack] => regsvr32.exe F:\Users\Yassine\AppData\Local\YwngPack\bknsahmx.dll <===== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0CtDzzyC0BtD0B0AyE0Fzy0CtCtB0AtN0D0Tzu0StCyCtDtBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CyBzy0CyDyCtCtGyEyEzz0FtG0ByDyDzztGyEyCzy0DtGyB0B0A0AyE0EtAtA0DzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0F0Fzy0AtB0FtGzytB0C0CtGyE0E0D0DtG0B0BtC0FtGtCyEyE0A0A0B0DyDyCzztDtC2QtN0A0LzutB%26cr%3D1098940486%26a%3Dwncy_ir_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
FF HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - F:\Users\Yassine\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - F:\Users\Yassine\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> F:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> F:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-02-16] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-02-16] (Hola)
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @hola.org/FlashPlayer -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-02-16] ()
FF Plugin HKU\S-1-5-21-577004517-2011418438-2702626766-1001: @hola.org/vlc -> F:\Users\Yassine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-02-16] (Hola)
CHR Extension: (Chrome Media Router) - F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
R2 hola_svc; F:\Program Files\Hola\app\hola_svc.exe [5622368 2017-02-22] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; F:\Program Files\Hola\app\hola_updater.exe [5622368 2017-02-22] (Hola Networks Ltd.) <==== ATTENTION
R2 Update service; F:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
U3 mfeavfk01; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S0 mferkdet; system32\drivers\mferkdet.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\F:\Windows\xhunter1.sys [X]
F:\Program Files\Hola\app\hola.exe
F:\Windows\TEMP\g74A4.tmp.exe
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.
 
2.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • How is the computer running now?

Edited by fireman4it, 09 April 2017 - 02:29 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
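The fixlist in the post above singles out a handful of autorun and service entries: Run keys that load DLLs from AppData through rundll32.exe or regsvr32.exe, a RunOnce entry pointing at a *.tmp.exe in Windows\TEMP with an empty publisher field, an updater service FRST reports as not signed, and driver registrations whose image file is gone ([X]). The following Python script is an added example, not part of FRST and not part of fireman4it's fix: it reads lines in the autorun and service formats visible in this thread and scores each one with those same path-and-loader heuristics, so a reader can see why these entries stand out in a log of hundreds of lines. The sample input is constructed: eight lines copied from the fixlist plus one invented, benign-looking vendor entry (ExampleVendor) for contrast. The regular expressions are written against the line shapes shown here, not FRST's full output grammar, and the heuristic names and weights are the author's own assumptions.

```python
"""Heuristic triage of FRST autorun and service lines.

Added example for this thread; not part of FRST or of the fix posted above.
It scores entries by where they execute from and how they are loaded.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input. The first eight lines are copied from the fixlist
# in this thread; the last line is an invented, benign-looking vendor entry.
SAMPLE_FRST = r"""
HKLM\...\Run: [hola] => F:\Program Files\Hola\app\hola.exe [2168416 2017-02-22] (Hola Networks Ltd.)
HKLM\...\RunOnce: [YASSINE] => F:\Windows\TEMP\g74A4.tmp.exe [173568 2017-04-08] ()
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [eidstc] => rundll32.exe "F:\Users\Yassine\AppData\Local\eidstc.dll",eidstc
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [Usrwmedia] => F:\Windows\SysWOW64\regsvr32.exe F:\Users\Yassine\AppData\Local\Ucggmedia\qdgqaqnx.dll
HKU\S-1-5-21-577004517-2011418438-2702626766-1001\...\Run: [YwngPack] => regsvr32.exe F:\Users\Yassine\AppData\Local\YwngPack\bknsahmx.dll
R2 Update service; F:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S3 xhunter1; \??\F:\Windows\xhunter1.sys [X]
HKLM\...\Run: [ExampleVendor] => F:\Program Files\ExampleVendor\agent.exe [123456 2016-05-01] (Example Vendor Inc.)
"""

# Line shapes as they appear in this thread (assumed, not FRST's full grammar):
# "HKLM\...\Run: [name] => command"   (HKU lines carry a SID before \...\)
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# "R2 name; imagepath ..."            (R = running, S = stopped, U = unknown)
SVC_RE = re.compile(r'^(?P<state>[RSU][0-4]) (?P<name>[^;]+); (?P<path>.*)$')

# Heuristics: directories any user can write to, signed Windows loaders that hide the
# real payload behind a trusted image name, and executables named like dropped temp files.
USER_WRITABLE_RE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public)\\', re.I)
LOLBIN_RE = re.compile(r'(^|\\|")(rundll32|regsvr32|mshta|wscript|cscript)\.exe\b', re.I)
TMP_EXE_RE = re.compile(r'\.tmp\.exe\b', re.I)


@dataclass
class Finding:
    kind: str             # e.g. "HKLM RunOnce" or "service R2"
    name: str
    target: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def _reasons_for(target: str, kind: str) -> List[str]:
    reasons = []
    if USER_WRITABLE_RE.search(target):
        reasons.append("executes from a user-writable directory (AppData, Temp, ProgramData)")
    if LOLBIN_RE.search(target):
        reasons.append("payload is a DLL/script run through a signed Windows loader (rundll32/regsvr32)")
    if TMP_EXE_RE.search(target):
        reasons.append("executable named like a temporary file (*.tmp.exe)")
    if target.rstrip().endswith("()"):
        reasons.append("empty publisher field in the log: no company/version information in the file")
    if "[File not signed]" in target:
        reasons.append("log reports the file as not digitally signed")
    if target.rstrip().endswith("[X]"):
        reasons.append("image file missing on disk ([X]): orphaned service/driver registration")
    # RunOnce on its own is normal for installers; it only adds weight to an entry
    # that is already suspicious for another reason.
    if reasons and kind.endswith("RunOnce"):
        reasons.append("RunOnce entry: a one-shot second stage is typical of droppers")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return suspicious entries, most reasons first; unremarkable lines are dropped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive = m["hive"].split("\\")[0]        # HKLM / HKU, without the SID
            kind, name, target = f"{hive} {m['key']}", m["name"], m["cmd"]
        else:
            m = SVC_RE.match(line)
            if not m:
                continue                           # not an autorun/service line
            kind, name, target = f"service {m['state']}", m["name"], m["path"]
        reasons = _reasons_for(target, kind)
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    findings.sort(key=lambda f: -f.score)          # stable: log order kept within a score
    return findings


def report(findings: List[Finding]) -> str:
    lines = []
    for f in findings:
        lines.append(f"[{f.score}] {f.kind} '{f.name}' -> {f.target}")
        lines.extend(f"      - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_FRST)))
```

Run as-is it prints the scored entries from the sample; pass the text of a real FRST.txt to triage() to work through a full log. Two things the output makes visible: the RunOnce entry in Windows\TEMP collects four independent reasons and lands on top, while the Hola and Popcorn Time lines score zero or one even though the helper removed them. The ATTENTION marks FRST put on the Hola entries come from what FRST knows about that program, not from anything in its path, and a heuristic that only looks at paths and loaders cannot reproduce that judgement.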


#3 YassineStevie

YassineStevie
  • Topic Starter
  • Members
  • 8 posts
  • Local time: 11:39 AM

Posted 09 April 2017 - 03:37 PM

first step

Attached Files



#4 YassineStevie

YassineStevie
  • Topic Starter
  • Members
  • 8 posts
  • Local time: 11:39 AM

Posted 09 April 2017 - 04:22 PM

# AdwCleaner v6.045 - Logfile created 09/04/2017 at 16:19:27
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-06.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Yassine - YASSINE
# Running from : F:\Users\Yassine\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: F:\Users\Yassine\.proxycheck
[-] Folder deleted: F:\Users\Yassine\.AnonymizerLauncher
[-] Folder deleted: F:\Users\Yassine\AppData\Local\Hola
[-] Folder deleted: F:\Users\Yassine\AppData\Local\AnonymizerLauncher
[-] Folder deleted: F:\Users\Yassine\AppData\LocalLow\.acestream
[-] Folder deleted: F:\Users\Yassine\AppData\Roaming\.acestream
[-] Folder deleted: F:\Users\Yassine\AppData\Roaming\acestream
[-] Folder deleted: F:\Users\Yassine\AppData\Roaming\Hola
[-] Folder deleted: F:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
[-] Folder deleted: F:\Program Files\Hola
[-] Folder deleted: F:\ProgramData\TweakBit
[-] Folder deleted: F:\ProgramData\BSD\DriverHive
[-] Folder deleted: F:\ProgramData\BSD
[#] Folder deleted on reboot: F:\ProgramData\BSD\DriverHiveEngine
[#] Folder deleted on reboot: F:\ProgramData\Application Data\TweakBit
[#] Folder deleted on reboot: F:\ProgramData\Application Data\BSD\DriverHive
[#] Folder deleted on reboot: F:\ProgramData\Application Data\BSD
[#] Folder deleted on reboot: F:\ProgramData\Application Data\BSD\DriverHiveEngine
[-] Folder deleted: F:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: F:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: F:\Users\Yassine\AppData\Roaming\AGData
 
 
***** [ Files ] *****
 
[-] File deleted: F:\Users\Yassine\AppData\Local\uninstallro.exe
[-] File deleted: F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
[#] File deleted: F:\Users\Yassine\AppData\Local\uninstallro.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: PPI Update
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\.acelive
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\.acemedia
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\.acestream
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\.tslive
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\acestream
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.CDAudio
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.DVDMovie
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.file
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.OPENFolder
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.SVCDMovie
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Classes\AceStream.VCDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: HKCU\Software\Classes\acestream
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.CDAudio
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.DVDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.file
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.OPENFolder
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.SVCDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.VCDMovie
[-] Key deleted: HKLM\SOFTWARE\Classes\AceStream.file
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.CDAudio
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.DVDMovie
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.file
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.OPENFolder
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.VCDMovie
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AceStream.file
[-] Key deleted: HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\.DEFAULT\Software\Hola
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\AceStream
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Hola
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\BSD
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Hola
[#] Key deleted on reboot: HKCU\Software\AceStream
[#] Key deleted on reboot: HKCU\Software\Hola
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\BSD
[-] Key deleted: HKLM\SOFTWARE\TWEAKBIT
[-] Key deleted: HKLM\SOFTWARE\BSD
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[#] Key deleted on reboot: [x64] HKCU\Software\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\Hola
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\BSD
[-] Key deleted: [x64] HKLM\SOFTWARE\Hola
[-] Key deleted: [x64] HKLM\SOFTWARE\RunBooster
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[-] Data restored: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-577004517-2011418438-2702626766-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
[-] Key deleted: HKCU\Software\Classes\Applications\ace_player.exe
[-] Key deleted: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Key deleted: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Key deleted: HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[#] Key deleted on reboot: HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Key deleted: HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.2
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Web browsers ] *****
 
[-] [F:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
F:\AdwCleaner\AdwCleaner[C0].txt - [11958 Bytes] - [09/04/2017 16:19:27]
F:\AdwCleaner\AdwCleaner[S0].txt - [11643 Bytes] - [09/04/2017 15:40:34]
 
########## EOF - F:\AdwCleaner\AdwCleaner[C0].txt - [12106 Bytes] ##########


#5 fireman4it

fireman4it
    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA
  • Local time: 11:39 AM

Posted 09 April 2017 - 07:35 PM

How is the computer running now?




#6 YassineStevie

YassineStevie
  • Topic Starter
  • Members
  • 8 posts
  • Local time: 11:39 AM

Posted 09 April 2017 - 09:23 PM

Still getting pop-ups and being redirected. Would using another browser other than Chrome be worth it?



#7 fireman4it

fireman4it
    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA
  • Local time: 11:39 AM

Posted 10 April 2017 - 04:26 PM

Download Malwarebytes Anti-Rootkit Supplement from here

Once you have downloaded the tool (contained in a .zip folder), you will need to extract the contents. We recommend extracting to your desktop.
 
To extract the files, locate the zipped folder that you want to unzip (extract) files or folders from. To unzip all the contents of the zipped folder, press and hold (or right-click) the folder, select Extract All, and then follow the instructions. Save them on your desktop.

After the files are extracted, double-click the mbar.cmd file. If you are unsure which file this is, try double-clicking both files named mbar - only one of them will run.
 
Update the Database, then click on Next, then on Scan.

  • Let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back into the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply.




#8 fireman4it

fireman4it
    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA
  • Local time: 11:39 AM

Posted 16 April 2017 - 12:29 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





