Infected with possible ransomware/trojan


This topic is locked. 28 replies to this topic.

#1 tt23 (Members; 16 posts)

Posted 11 April 2017 - 07:21 PM

My PC is currently infected with the "requested resource is in use" virus, and it won't let me run any newly or previously downloaded anti-virus software. However, Windows Defender, I think, is running to help, but not that much. Any other suggestions?

 

Moved to MRL at Broni's request, as the OP will need to run FRST.

NickAu


Edited by NickAu, 11 April 2017 - 11:42 PM (Mod Edit).



#2 JSntgRvr (Master Surgeon General; Malware Response Team; 11,938 posts; Gender: Male; Location: Puerto Rico)

Posted 12 April 2017 - 01:57 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
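FRST.txt has a regular line layout, which makes the first triage pass over it scriptable. The Python below is an added example for this page; it is not part of any post in this thread and not a tool of FRST's author. It applies the checks a responder makes by eye on such a log: entries FRST itself marks ATTENTION, autostarts and services launched from user-writable paths, missing or unsigned binaries, a proxy auto-config or manual proxy pointing at an external host, AppInit_DLLs entries, boot-start binaries created within days of the scan, and eight-letter random service names. The sample log, the host proxy.example, the paths, the SID and the rule names are constructed for the example; the line shapes follow FRST's format as it appears in the log posted later in the thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample in FRST's line layout; no entry is copied from a real machine.
# Assumed shapes: header "Ran by USER (administrator) on HOST (DD-MM-YYYY HH:MM:SS)",
# services/drivers "Rn|Sn name; path [size YYYY-MM-DD] (publisher)",
# autoruns "KEY\...\Run: [name] => path [size YYYY-MM-DD] (publisher)".
# FRST writes URLs defanged as hxxp://.
SAMPLE_LOG = r"""
Ran by USER (administrator) on HOST (12-04-2017 15:13:25)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Launcher] => C:\Users\USER\AppData\Roaming\abcd\launcher.exe [349704 2017-04-12] (Example Ltd) <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\EXAMPL~1.ENA => C:\Program Files (x86)\Example.Enabler [2759168 2014-01-08] ()
AutoConfigURL: [S-1-5-21-1-2-3-1001] => hxxp://proxy.example/wpad.dat?token
ManualProxies: 0hxxp://proxy.example/wpad.dat?token
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 windowsmanagementservice; "C:\Users\USER\AppData\Local\qwer\ct.exe" /svc [X] <==== ATTENTION
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S1 kxqwvzrt; C:\Windows\system32\drivers\kxqwvzrt.sys [55168 2017-04-12] (Microsoft Corporation)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
"""

HEADER = re.compile(r"^Ran by .* on .* \((?P<date>\d{2}-\d{2}-\d{4}) \d{2}:\d{2}:\d{2}\)")
SERVICE_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+); (?P<rest>.*)$")
AUTORUN_LINE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
FILE_META = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)")
PROXY_LINE = re.compile(r"^(?:AutoConfigURL|ManualProxies):.*?(?P<url>hxxps?://\S+)")
# Locations any standard user can write to; legitimate services and drivers live elsewhere.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)
PRIVATE_HOST = re.compile(r"^(?:localhost|127\.|10\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # heuristic only: "kxqwvzrt"-style service names


def triage(log_text: str, recent_days: int = 3) -> List[Dict[str, str]]:
    """Return one {'rule', 'line'} finding per rule hit; a line can hit several rules."""
    findings: List[Dict[str, str]] = []
    scan_date = None

    def hit(rule: str, line: str) -> None:
        findings.append({"rule": rule, "line": line})

    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            scan_date = datetime.strptime(m.group("date"), "%d-%m-%Y")
            continue
        if "ATTENTION" in line:              # FRST's own verdict, always worth a look
            hit("frst-attention", line)
        if line.startswith("AppInit_DLLs"):  # DLL loaded into every process that uses user32
            hit("appinit-dll", line)
        m = PROXY_LINE.match(line)
        if m:                                # PAC/proxy on a remote host = traffic interception
            host = re.sub(r"^hxxps?://", "", m.group("url")).split("/")[0]
            if not PRIVATE_HOST.match(host):
                hit("external-proxy-config", line)
        svc = SERVICE_LINE.match(line)
        m = svc or AUTORUN_LINE.search(line)
        if not m:
            continue
        rest = m.group("rest")
        if USER_WRITABLE.search(rest):
            hit("autostart-from-user-writable-path", line)
        if "[X]" in rest:                    # still registered, but the file is gone
            hit("autostart-file-missing", line)
        if "[File not signed]" in rest:
            hit("unsigned-binary", line)
        if svc and RANDOM_NAME.match(m.group("name")):
            hit("random-service-name", line)
        meta = FILE_META.search(rest)
        if meta and scan_date is not None:
            created = datetime.strptime(meta.group("date"), "%Y-%m-%d")
            # A binary written days before (or, with a tampered clock, after) the scan
            # that has already registered itself to start at boot is the usual suspect.
            if abs(scan_date - created) <= timedelta(days=recent_days):
                hit("created-near-scan-date", line)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview before reading each line."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<36} {f['line']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules produce candidates for a human, not verdicts: an unsigned driver or an eight-letter service name is a reason to pull the file and check its hash and signature, and an external PAC URL is a reason to clear the proxy settings and find what wrote them, which is the kind of fix the helper builds from FRST.txt and Addition.txt.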


#3 tt23 (Topic Starter; Members; 16 posts)

Posted 12 April 2017 - 03:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by FAMILIA (administrator) on FAM (12-04-2017 15:13:25)
Running from C:\Users\FAMILIA\Desktop
Loaded Profiles: FAMILIA & UpdatusUser &  (Available Profiles: FAMILIA & UpdatusUser & Guest)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ELLS LLC) C:\Users\FAMILIA\AppData\Local\WeatherBuddy\WeatherBuddy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [155648 2013-10-14] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-06-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-03-30] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\FAMILIA\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [349704 2017-04-12] (Jetico ltd) <===== ATTENTION
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-23] (Electronic Arts)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\Run: [GoogleChromeAutoLaunch_41606C17F0EE110A6BEB5763B2D337FC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\Run: [BingSvc] => C:\Users\FAMILIA\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\MountPoints2: {74e9da51-4b6d-11e3-be6b-94de80ce3266} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\...\MountPoints2: {c0f4be1f-a058-11e4-bedf-94de80ce3266} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-23] (Electronic Arts)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_41606C17F0EE110A6BEB5763B2D337FC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\FAMILIA\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {74e9da51-4b6d-11e3-be6b-94de80ce3266} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c0f4be1f-a058-11e4-bedf-94de80ce3266} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [155648 2013-10-14] (Apple Computer, Inc.)
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [hola] => C:\Users\Guest\AppData\Local\Hola\local\app\hola.exe [2032256 2015-09-10] (Hola Networks Ltd.)
AppInit_DLLs: C:\PROGRA~2\GS_X64~1.ENA => C:\Program Files (x86)\GS_x64.Enabler [2759168 2014-01-08] ()
AppInit_DLLs-x32: c:\progra~2\gsb779~1.ena => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2015-10-01]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-01-13]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-04-10]
ShortcutTarget: WeatherBuddy.lnk -> C:\Users\FAMILIA\AppData\Local\WeatherBuddy\WeatherBuddy.exe (ELLS LLC)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-12-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2816680137-3866285611-3782432408-1001] => hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296
AutoConfigURL: [S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{99C24E0A-80D8-4C82-8F2D-C520CBD88149}: [DhcpNameServer] 192.168.15.1
ManualProxies: 0hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={0065E4E3-2A32-49DD-9086-3A0481CBEA59}&mid=4eb43d2fc3b747d29d234597c62adb95-08f99ba531d5b9f72a077d980f18b7533cae47fd&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=pr&d=2014-04-27 22:07:34&v=19.4.5.533&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
URLSearchHook: [S-1-5-21-2816680137-3866285611-3782432408-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2816680137-3866285611-3782432408-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> {0B2F82F9-8491-4AF5-BE45-3737832E6E46} URL = hxxp://www.bing.com/search?FORM=SK2KDF&PC=SK2K&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0065E4E3-2A32-49DD-9086-3A0481CBEA59}&mid=4eb43d2fc3b747d29d234597c62adb95-08f99ba531d5b9f72a077d980f18b7533cae47fd&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=pr&d=2014-04-27 22:07:34&v=19.4.5.533&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> {B5A76937-C576-484E-98F5-230ACC7ED4F7} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0B2F82F9-8491-4AF5-BE45-3737832E6E46} URL = hxxp://www.bing.com/search?FORM=SK2KDF&PC=SK2K&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0065E4E3-2A32-49DD-9086-3A0481CBEA59}&mid=4eb43d2fc3b747d29d234597c62adb95-08f99ba531d5b9f72a077d980f18b7533cae47fd&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=pr&d=2014-04-27 22:07:34&v=19.4.5.533&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B5A76937-C576-484E-98F5-230ACC7ED4F7} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0065E4E3-2A32-49DD-9086-3A0481CBEA59}&mid=4eb43d2fc3b747d29d234597c62adb95-08f99ba531d5b9f72a077d980f18b7533cae47fd&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=pr&d=2014-04-27 22:07:34&v=19.4.5.533&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FD73C837-68EC-42A5-AFE5-E955DDCBA91F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140417,19669,0,GC32,8178
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.5.533\AVG SafeGuard toolbar_toolbar.dll [2016-06-23] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-17] (AVG Secure Search)

FireFox:
========
FF DefaultProfile: f6ykpirk.default-1399066483812
FF ProfilePath: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 [2017-04-12]
FF user.js: detected! => C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\user.js [2014-12-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 -> AVG Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 -> AVG Secure Search
FF Homepage: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 -> hxxp://n.clickforms.ru/c/1a30e417c259f275?
FF Keyword.URL: Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812 ->
FF Extension: (Adblock Plus) - C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-12]
FF SearchPlugin: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\searchplugins\avg-secure-search.xml [2016-04-18]
FF SearchPlugin: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\searchplugins\bing-.xml [2016-01-15]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/FlashPlayer -> C:\Users\Guest\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2016-01-17] ()
FF Plugin HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc -> C:\Users\Guest\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2016-01-17] (Hola)
FF Plugin HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Guest\AppData\Local\Roblox\Versions\version-b11c8de329894f4a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Guest\AppData\Local\Roblox\Versions\version-b11c8de329894f4a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\9289641.js [2017-04-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\9289641.cfg [2017-04-10] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default [2017-04-10]
CHR Extension: (Google Slides) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Google Docs) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-19]
CHR Extension: (Google Drive) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Adblock Plus) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-10]
CHR Extension: (Google Search) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Batman Arkham Origins - Against All) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdjjdmkhjncjolehdmdlbmoijgkphgo [2015-08-19]
CHR Extension: (Google Sheets) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Ad Block Plus) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcdlkaadpecidoaeknkgmkolidlgaca [2015-08-19]
CHR Extension: (Skype) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-04-10]
CHR Extension: (MeSafe) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkknfledgpmlnapbbfdahiigcanjgana [2017-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-10]
CHR Extension: (Gmail) - C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-19]
CHR HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-23] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-03-30] (Copyright © 2017 Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-17] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 windowsmanagementservice; "C:\Users\FAMILIA\AppData\Local\qbynw\ct.exe" /svc [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-01-26] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S1 kzrnobok; C:\Windows\system32\drivers\kzrnobok.sys [55168 2017-04-12] (Microsoft Corporation)
S3 MAUSBFASTTRACK; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [187912 2009-10-02] (Avid Technology, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S1 zajqwrzb; C:\Windows\system32\drivers\zajqwrzb.sys [55168 2017-04-12] (Microsoft Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-12 15:13 - 2017-04-12 15:13 - 00031955 _____ C:\Users\FAMILIA\Desktop\FRST.txt
2017-04-12 15:10 - 2017-04-12 15:12 - 00115083 _____ C:\Users\FAMILIA\Downloads\Addition.txt
2017-04-12 15:10 - 2017-04-12 15:05 - 02424832 _____ (Farbar) C:\Users\FAMILIA\Documents\FRST64.exe
2017-04-12 15:08 - 2017-04-12 15:13 - 00000974 _____ C:\Users\FAMILIA\Desktop\FRST64 - Shortcut.lnk
2017-04-12 15:07 - 2017-04-12 15:13 - 00000000 ____D C:\FRST
2017-04-12 15:07 - 2017-04-12 15:12 - 00081128 _____ C:\Users\FAMILIA\Downloads\FRST.txt
2017-04-12 15:05 - 2017-04-12 15:05 - 02424832 _____ (Farbar) C:\Users\FAMILIA\Desktop\FRST64.exe
2017-04-12 14:32 - 2017-04-12 14:32 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kzrnobok.sys
2017-04-12 14:12 - 2017-04-12 14:12 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zajqwrzb.sys
2017-04-11 23:09 - 2017-04-11 20:06 - 163222296 _____ (Microsoft Corporation) C:\Users\Guest\Documents\msert.exe
2017-04-11 19:41 - 2017-04-11 20:06 - 163222296 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\msert.exe
2017-04-11 18:51 - 2017-04-11 18:51 - 00280744 _____ C:\Windows\Minidump\041117-29047-01.dmp
2017-04-11 17:24 - 2017-04-11 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-11 17:15 - 2017-04-11 17:15 - 00015126 _____ C:\Users\Guest\Desktop\FREESTYLE.aup
2017-04-11 16:53 - 2017-04-11 16:53 - 00001886 _____ C:\Users\Guest\Desktop\bravestarr+truereligionfreedlfuturexliluzivert - Shortcut.lnk
2017-04-11 16:14 - 2017-04-11 16:14 - 03212656 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\Downloads\AVG_Antivirus_1924.exe
2017-04-11 12:42 - 2017-04-11 12:42 - 00280632 _____ C:\Windows\Minidump\041117-28548-01.dmp
2017-04-11 12:28 - 2017-04-11 12:28 - 01811496 _____ (LogMeIn, Inc.) C:\Users\Guest\Downloads\Support-LogMeInRescue.exe
2017-04-11 11:40 - 2017-04-11 11:40 - 00604928 _____ (Reimage) C:\Users\Guest\Downloads\ReimageRepair.exe
2017-04-11 11:08 - 2017-04-11 11:08 - 05659546 _____ (Swearware) C:\Users\Guest\Downloads\ComboFix.exe
2017-04-11 11:07 - 2017-04-11 11:07 - 04089296 _____ C:\Users\Guest\Downloads\AdwCleaner.exe
2017-04-11 11:04 - 2017-04-11 11:04 - 05698548 _____ C:\Users\Guest\Downloads\eXplorer.rar
2017-04-11 10:55 - 2017-04-11 10:55 - 05766464 _____ (Zemana Ltd. ) C:\Users\Guest\Downloads\ZAM.exe.exe
2017-04-11 10:53 - 2017-04-11 10:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\iExplore.exe
2017-04-11 10:53 - 2017-04-11 10:53 - 00001421 _____ C:\Users\Guest\Desktop\iExplore - Shortcut.lnk
2017-04-11 10:34 - 2017-04-11 10:34 - 06903192 _____ (AVAST Software) C:\Users\Guest\Downloads\avast_free_antivirus_setup_online_f1d.exe
2017-04-11 00:10 - 2017-04-11 00:10 - 00000000 ____D C:\Users\FAMILIA\AppData\Local\AnonymizerLauncher
2017-04-11 00:10 - 2017-04-11 00:10 - 00000000 ____D C:\Users\FAMILIA\.proxycheck
2017-04-11 00:10 - 2017-04-11 00:10 - 00000000 ____D C:\Users\FAMILIA\.AnonymizerLauncher
2017-04-11 00:08 - 2017-04-11 00:08 - 00000000 ____D C:\Users\Guest\.QtWebEngineProcess
2017-04-11 00:08 - 2017-04-11 00:08 - 00000000 ____D C:\Users\Guest\.Plays.tv
2017-04-11 00:08 - 2017-04-11 00:08 - 00000000 ____D C:\Users\FAMILIA\.QtWebEngineProcess
2017-04-11 00:00 - 2017-04-11 00:00 - 00000000 ____D C:\Users\FAMILIA\.Plays.tv
2017-04-10 23:50 - 2017-04-11 00:00 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\AGData
2017-04-10 23:50 - 2017-04-10 23:55 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Screenshot Pro
2017-04-10 23:50 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-04-10 23:50 - 2017-04-10 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-04-10 23:50 - 2017-04-10 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spoutly
2017-04-10 23:50 - 2017-04-10 23:50 - 00003962 _____ C:\Windows\System32\Tasks\Gntypluhsp
2017-04-10 23:50 - 2017-04-10 23:50 - 00003306 _____ C:\Windows\System32\Tasks\AGProxyCheck
2017-04-10 23:50 - 2017-04-10 23:50 - 00003238 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2017-04-10 23:50 - 2017-04-10 23:50 - 00003160 _____ C:\Windows\System32\Tasks\HDWallPaper
2017-04-10 23:50 - 2017-04-10 23:50 - 00002096 _____ C:\Users\FAMILIA\Desktop\WeatherBuddy.lnk
2017-04-10 23:50 - 2017-04-10 23:50 - 00000062 _____ C:\Windows\WeatherBuddy.INI
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\System Healer
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Itibiti
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\GlobalWeather
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Local\WeatherBuddy
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Program Files (x86)\ScreenshotPro
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Program Files (x86)\Hojigh_
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Program Files (x86)\Hojigh
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Program Files (x86)\GlobalWeather
2017-04-10 23:50 - 2017-04-10 23:50 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files\X9WVI0VFG5
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files\WEROD3OGOT
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files\FHVK2OY55M
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\Spoutly
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\SpeeDownloader
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\PubHotspot
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\HDWallPaper
2017-04-10 23:49 - 2017-04-10 23:53 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-04-10 23:49 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\YNJQ1GGS1A
2017-04-10 23:49 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\SDDBQOQFLX
2017-04-10 23:49 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\L71NC6RBQ1
2017-04-10 23:49 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\DC4C92RTDJ
2017-04-10 23:49 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\2OW8AN7UUP
2017-04-10 23:49 - 2017-04-10 23:50 - 00011568 _____ C:\Users\FAMILIA\AppData\Roaming\InstallationConfiguration.xml
2017-04-10 23:49 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\72446390
2017-04-10 23:49 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\42444254
2017-04-10 23:49 - 2017-04-10 23:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\41174157
2017-04-10 23:49 - 2017-04-10 23:50 - 00000000 ____D C:\ProgramData\RegisterObject
2017-04-10 23:49 - 2017-04-10 23:49 - 00140288 _____ C:\Users\FAMILIA\AppData\Roaming\Installer.dat
2017-04-10 23:49 - 2017-04-10 23:49 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-04-10 23:49 - 2017-04-10 23:49 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\HDWallPaper
2017-04-10 23:48 - 2017-04-10 23:55 - 00000000 ____D C:\Users\FAMILIA\AppData\Local\qbynw
2017-04-10 23:48 - 2017-04-10 23:55 - 00000000 ____D C:\Users\FAMILIA\AppData\Local\oddediwluj
2017-04-10 23:48 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\ZXQGIAWI74
2017-04-10 23:48 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files\B597BYZZOP
2017-04-10 23:48 - 2017-04-10 23:52 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-10 23:48 - 2017-04-10 23:51 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Browsers
2017-04-10 23:48 - 2017-04-10 23:48 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\SPI
2017-04-10 23:48 - 2017-04-10 23:48 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\c
2017-04-10 18:28 - 2016-06-25 13:28 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-04-10 18:28 - 2016-06-25 13:09 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-04-10 18:28 - 2016-06-25 10:55 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-04-10 18:28 - 2016-06-25 10:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-04-10 18:28 - 2016-06-17 08:09 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-04-10 16:28 - 2017-04-10 16:28 - 00013165 _____ C:\Users\Guest\Desktop\bleep AROUND.aup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-12 15:00 - 2015-08-28 15:00 - 00000288 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2017-04-12 14:55 - 2014-04-26 22:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 14:40 - 2013-10-14 02:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2816680137-3866285611-3782432408-1001
2017-04-12 14:24 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
2017-04-12 14:13 - 2012-07-26 02:28 - 00852298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-12 14:12 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\Inf
2017-04-12 14:08 - 2016-03-10 17:18 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\PlaysTV
2017-04-12 14:08 - 2016-01-15 17:21 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Skype
2017-04-12 14:08 - 2015-10-10 11:15 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Raptr
2017-04-12 14:08 - 2013-10-14 02:50 - 00000000 ____D C:\Users\FAMILIA\AppData\Local\Packages
2017-04-12 14:06 - 2013-11-16 02:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-12 14:06 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-12 14:05 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-11 23:22 - 2013-10-14 04:38 - 00000000 _____ C:\Users\FAMILIA\AppData\LocalLow\ChangeTaskbarRect
2017-04-11 22:57 - 2016-03-11 08:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\PlaysTV
2017-04-11 22:57 - 2015-10-11 13:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Raptr
2017-04-11 19:32 - 2014-04-26 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-11 19:31 - 2013-11-16 10:38 - 00000000 ____D C:\Windows\system32\MRT
2017-04-11 19:28 - 2013-11-16 10:38 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-11 19:27 - 2012-07-26 00:26 - 00000396 _____ C:\Windows\win.ini
2017-04-11 19:23 - 2014-01-01 19:45 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 19:23 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 19:23 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 18:57 - 2013-12-30 20:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Audacity
2017-04-11 18:51 - 2014-12-13 10:44 - 824948976 _____ C:\Windows\MEMORY.DMP
2017-04-11 18:51 - 2014-02-03 21:02 - 00000000 ____D C:\Windows\Minidump
2017-04-11 12:48 - 2014-02-16 15:52 - 00000000 ____D C:\ProgramData\Origin
2017-04-11 10:28 - 2014-12-13 10:44 - 00000000 ____D C:\Windows\system32\appraiser
2017-04-11 00:23 - 2013-12-30 22:15 - 00000000 _____ C:\Users\Guest\AppData\LocalLow\ChangeTaskbarRect
2017-04-11 00:10 - 2013-10-14 02:49 - 00000000 ____D C:\Users\FAMILIA
2017-04-11 00:08 - 2013-12-30 01:23 - 00000000 ____D C:\Users\Guest
2017-04-10 23:59 - 2014-01-26 10:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-10 23:56 - 2015-12-13 21:23 - 00449896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-10 23:55 - 2014-03-22 20:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-10 23:51 - 2015-10-10 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-04-10 23:51 - 2015-10-01 16:49 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-10 23:51 - 2015-08-19 20:53 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-04-10 23:51 - 2015-08-19 20:53 - 00000000 ____D C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-10 18:35 - 2016-06-23 22:43 - 00001011 ____H C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-04-10 18:35 - 2015-08-19 20:53 - 00002445 ____H C:\Users\FAMILIA\Desktop\Chrome App Launcher.lnk
2017-04-10 18:35 - 2015-08-19 20:47 - 00002369 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-10 18:35 - 2015-08-19 20:47 - 00002357 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-10 18:35 - 2015-07-03 13:51 - 00001420 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-10 18:35 - 2014-04-26 22:55 - 00001337 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-10 18:35 - 2014-04-26 22:55 - 00001325 ____H C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-10 18:35 - 2013-12-30 01:24 - 00001648 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-10 18:31 - 2012-07-26 03:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-10 18:31 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2017-04-10 18:19 - 2015-08-19 20:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-10 18:19 - 2015-08-19 20:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 18:15 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF
2017-04-10 17:11 - 2014-02-16 15:52 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-10 17:09 - 2013-12-30 22:16 - 00168111 _____ C:\MyXML.xml
2017-04-10 17:00 - 2015-08-28 15:00 - 00000296 _____ C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2017-04-10 16:06 - 2015-06-14 08:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-10 16:06 - 2014-04-26 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-07 17:06 - 2013-11-16 01:52 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-01-08 21:07 - 2014-01-08 21:07 - 2759168 _____ () C:\Program Files (x86)\GS_x64.Enabler
2014-04-27 22:07 - 2014-06-02 10:23 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-04-26 20:43 - 2014-04-26 20:44 - 0000318 _____ () C:\Users\FAMILIA\AppData\Roaming\aps.uninstall.scan.results
2017-04-10 23:49 - 2017-04-10 23:50 - 0011568 _____ () C:\Users\FAMILIA\AppData\Roaming\InstallationConfiguration.xml
2017-04-10 23:49 - 2017-04-10 23:49 - 0140288 _____ () C:\Users\FAMILIA\AppData\Roaming\Installer.dat
2014-01-26 13:33 - 2014-03-31 00:33 - 0000127 _____ () C:\Users\FAMILIA\AppData\Roaming\WB.CFG
2014-02-01 17:30 - 2014-02-03 20:56 - 0002763 _____ () C:\ProgramData\connector.swf

Files to move or delete:
====================
C:\Users\FAMILIA\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe


Some files in TEMP:
====================
2015-10-01 17:46 - 2015-10-01 17:46 - 0000512 _____ () C:\Users\FAMILIA\AppData\Local\Temp\29f61e985d2eed196af9583a15a5c5a4.dll
2016-01-16 18:35 - 2014-10-28 07:49 - 0060296 _____ (Autodesk, Inc.) C:\Users\FAMILIA\AppData\Local\Temp\AcDeltree.exe
2015-10-10 10:22 - 2015-10-10 10:25 - 272865000 _____ (AMD Inc.) C:\Users\FAMILIA\AppData\Local\Temp\amd-catalyst-14.4-64bit-win8.1-win8-win7-whql-aug.exe
2017-04-10 23:50 - 2017-04-10 23:50 - 0931704 _____ () C:\Users\FAMILIA\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1701.exe
2015-11-01 21:53 - 2015-11-01 21:53 - 2892128 _____ (AVG Technologies) C:\Users\FAMILIA\AppData\Local\Temp\avg-b985741e-d195-451c-aa14-033652564079.exe
2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081308836129.exe
2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081620800069.exe
2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08462937382.exe
2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08490299885.exe
2016-01-15 17:31 - 2016-01-15 17:31 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BingSvc.exe
2016-01-15 17:31 - 2016-01-15 17:31 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcProcessor.exe
2016-01-15 17:31 - 2016-01-15 17:31 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcUpdater.exe
2017-04-10 23:50 - 2017-04-10 23:50 - 7469104 _____ (Gold Click Ltd                                              ) C:\Users\FAMILIA\AppData\Local\Temp\offer17pg.exe
2016-03-10 17:17 - 2016-03-10 17:18 - 59759200 _____ () C:\Users\FAMILIA\AppData\Local\Temp\playstv_patch.exe
2015-10-10 11:15 - 2015-10-10 11:16 - 61015144 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptrpatch.exe
2015-10-10 11:15 - 2015-10-10 11:15 - 0221632 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptr_stub.exe
2016-05-14 14:02 - 2016-05-14 14:02 - 45196928 _____ (Skype Technologies S.A.) C:\Users\FAMILIA\AppData\Local\Temp\SkypeSetup.exe
2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_0811913779.exe
2016-05-13 23:15 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_081528866724.exe
2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08204699520.exe
2016-06-23 21:24 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08245833092.exe
2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08588954256.exe
2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08626550083.exe
2015-09-10 23:04 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.183107.exe
2015-09-09 12:01 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.exe
2015-11-05 18:24 - 2015-11-05 18:24 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.317.exe
2015-11-26 17:50 - 2015-11-26 17:50 - 23309952 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
2015-12-08 07:05 - 2015-12-08 07:05 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.764.exe
2015-12-16 23:21 - 2015-12-16 23:21 - 23321216 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.890.exe
2015-12-18 17:06 - 2015-12-18 17:07 - 23318656 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.994.exe
2016-01-17 11:42 - 2016-01-17 11:43 - 23334528 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.11.399.exe
2015-05-11 22:30 - 2015-05-11 22:30 - 15241160 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
2015-05-12 19:32 - 2015-05-12 19:32 - 15853000 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
2015-05-18 07:25 - 2015-05-18 07:25 - 14973896 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
2015-05-21 17:41 - 2015-05-21 17:41 - 15966152 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
2015-05-31 16:08 - 2015-05-31 16:08 - 16669640 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.103.exe
2015-06-01 19:04 - 2015-06-01 19:04 - 16664008 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.124.exe
2015-06-02 09:44 - 2015-06-02 09:44 - 16668104 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.131.exe
2015-06-02 14:43 - 2015-06-02 14:43 - 16728520 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.143.exe
2015-06-03 19:09 - 2015-06-03 19:10 - 17199560 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.164.exe
2015-06-04 18:37 - 2015-06-04 18:37 - 17184712 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.179.exe
2015-06-05 06:07 - 2015-06-05 06:07 - 17193416 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.183.exe
2015-06-05 19:12 - 2015-06-05 19:12 - 17173960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.188.exe
2015-06-07 09:44 - 2015-06-07 09:44 - 17187784 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.196.exe
2015-06-07 12:23 - 2015-06-07 12:23 - 17198024 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.201.exe
2015-06-08 08:21 - 2015-06-08 08:21 - 17192904 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
2015-06-12 06:20 - 2015-06-12 06:20 - 17197512 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.277.exe
2015-05-27 12:55 - 2015-05-27 19:07 - 16645576 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.28.exe
2015-06-13 18:42 - 2015-06-13 18:42 - 17179080 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.308.exe
2015-06-15 08:44 - 2015-06-15 08:44 - 17191880 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
2015-06-22 08:58 - 2015-06-22 08:58 - 17365960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
2015-07-13 14:34 - 2015-07-13 14:35 - 15962568 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.595.exe
2015-07-14 09:50 - 2015-07-14 09:50 - 15969736 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.649.exe
2015-05-26 19:21 - 2015-05-26 19:21 - 16666056 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.7.exe
2015-05-30 05:58 - 2015-05-30 05:58 - 16677320 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.77.exe
2015-08-05 14:13 - 2015-08-05 15:00 - 15984256 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.10.exe
2015-08-11 09:45 - 2015-08-11 09:45 - 15985792 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.105.exe
2015-09-06 12:40 - 2015-09-06 12:40 - 23263360 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.510.exe
2015-09-10 22:58 - 2015-09-10 22:58 - 23264384 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.567.exe
2015-09-15 07:02 - 2015-09-15 07:02 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.624.exe
2015-10-31 18:21 - 2015-10-31 18:21 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.789.exe
2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.697289.exe
2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.831813.exe
2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.exe
2014-04-17 03:18 - 2014-04-17 03:18 - 0921512 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-10-19 07:54 - 2014-10-19 07:54 - 0937896 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2014-03-10 18:20 - 2014-02-27 17:52 - 0120912 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\lowproc.exe
2014-03-10 18:20 - 2014-02-27 17:52 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\stubhelper.dll
2014-06-21 14:00 - 2014-06-21 14:00 - 0139672 _____ (Eclipse Foundation) C:\Users\Guest\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-12 12:09

==================== End of FRST.txt ============================



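Added example, not code from the thread or from FRST: a Python triage helper that parses the Services/Drivers line format of the FRST log above and scores each entry on the cues a helper reads by eye (FRST's own ATTENTION marker, "[File not signed]", an empty company field, a service binary under a user profile, and a driver created right before the scan with a random-looking name). The sample lines are copied from the log; the scoring weights, the three-day window and the random-name heuristic are my assumptions.

```python
"""Triage helper for the 'Services' and 'Drivers' lines in an FRST log.

Added example, not code from the thread or from FRST. Each FRST entry looks like
    <state> <name>; <path> [<size> <created>] (<company>) [File not signed] <==== ATTENTION
and orphaned entries whose file is gone end in "[X]" with no size/date/company block.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the FRST log above, benign neighbours included.
SAMPLE_LINES = [
    r"R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)",
    r'S2 windowsmanagementservice; "C:\Users\FAMILIA\AppData\Local\qbynw\ct.exe" /svc [X] <==== ATTENTION',
    r"S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)",
    r"R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION",
    r"S1 kzrnobok; C:\Windows\system32\drivers\kzrnobok.sys [55168 2017-04-12] (Microsoft Corporation)",
    r"R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-04-12] (Malwarebytes Corporation)",
    r"S1 zajqwrzb; C:\Windows\system32\drivers\zajqwrzb.sys [55168 2017-04-12] (Microsoft Corporation)",
    r"S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]",
]
SCAN_DATE = date(2017, 4, 12)  # date of the FRST run in the log above

HEAD_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]")
COMPANY_RE = re.compile(r"^\s*\((?P<company>[^()]*)\)")


@dataclass
class Entry:
    state: str
    name: str
    path: str
    size: Optional[int]
    created: Optional[date]
    company: Optional[str]  # None: no company field at all; "": FRST printed "()"
    unsigned: bool
    attention: bool
    missing: bool  # "[X]": the registry entry points at a file that no longer exists


def parse_frst_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for anything else (headers, blanks)."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    meta = META_RE.search(rest)
    if meta:
        path = rest[: meta.start()].strip()
        size, created = int(meta["size"]), date.fromisoformat(meta["date"])
        cm = COMPANY_RE.match(rest[meta.end():])
        company = cm["company"].strip() if cm else None
    else:
        # No [size date] block: the path runs up to "[X]" or the ATTENTION marker.
        path = re.split(r"\s+\[X\]|\s+<====", rest)[0].strip()
        size = created = company = None
    return Entry(
        state=m["state"], name=m["name"].strip(), path=path, size=size, created=created,
        company=company, unsigned="[File not signed]" in rest,
        attention="<==== ATTENTION" in rest, missing="[X]" in rest,
    )


def looks_random(name: str) -> bool:
    """Heuristic (assumption): all-lowercase name with a run of four consonants, e.g. kzrnobok."""
    return bool(re.fullmatch(r"[a-z]{6,12}", name)) and bool(re.search(r"[bcdfghjklmnpqrstvwxz]{4}", name))


def triage(e: Entry, scan_date: date = SCAN_DATE, recent_days: int = 3) -> Tuple[int, List[str]]:
    """Score one entry; the weights and the recent-creation window are assumptions, not FRST's."""
    recent = e.created is not None and 0 <= (scan_date - e.created).days <= recent_days
    rules = [
        (e.attention, 3, "flagged by FRST (ATTENTION)"),
        (e.unsigned, 2, "file not signed"),
        (e.company == "", 1, "empty company/version field"),
        (re.search(r"\\Users\\", e.path, re.I) is not None, 2, "binary runs from a user profile"),
        (e.missing, 1, "registry entry points at a missing file ([X])"),
        (recent, 1, f"file created within {recent_days} days of the scan"),
        (recent and looks_random(e.name), 2, "random-looking name on a just-created driver"),
    ]
    reasons = [why for hit, _, why in rules if hit]
    return sum(pts for hit, pts, _ in rules if hit), reasons


def suspicious_entries(lines, scan_date: date = SCAN_DATE, threshold: int = 3):
    """Return [(name, score, reasons)] for entries scoring at or above threshold, highest first."""
    hits = []
    for line in lines:
        e = parse_frst_line(line)
        if e is not None:
            score, reasons = triage(e, scan_date)
            if score >= threshold:
                hits.append((e.name, score, reasons))
    hits.sort(key=lambda hit: -hit[1])  # stable sort: ties keep log order
    return hits


if __name__ == "__main__":
    for name, score, reasons in suspicious_entries(SAMPLE_LINES):
        print(f"{score:2d}  {name}")
        for reason in reasons:
            print(f"      - {reason}")
```

On the sample lines this surfaces the same four entries the thread's helper acted on (windowsmanagementservice, drmkpro64, kzrnobok, zajqwrzb) while leaving Windows Defender, the AMD driver and the Malwarebytes driver alone.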

#4 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 12 April 2017 - 03:26 PM

What does this tool exactly do?



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2017 - 03:52 PM

Scans places where malware usually hides. I will review these reports.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2017 - 03:55 PM

There is a rootkit in the system. Let's try this tool.

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.




#7 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 12 April 2017 - 04:42 PM

It's saying I can't run the scan because another Malwarebytes version is open, when it's not, and I even deleted it altogether. I am also trying to use the anti-virus software "Comodo". Is that any good at destroying rootkits?



#8 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 12 April 2017 - 04:45 PM

Nvm, thought I was in the clear until it blocked this app too. This is the worst virus I have ever seen lol, won't let me do anything.



#9 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 12 April 2017 - 05:34 PM

I'm running the anti-rootkit now, will get back to you asap.

#10 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 12 April 2017 - 06:25 PM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
  main:    v2017.04.12.07
  rootkit: v2017.04.02.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17607
FAMILIA :: FAM [administrator]

4/12/2017 5:18:21 PM
mbar-log-2017-04-12 (17-18-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 383150
Time elapsed: 50 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [5ed95a96fbad80b6ec6397a7b948e020]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [181f98586e3ae05671b96f3c25dc50b0]

Registry Values Detected: 4
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{73DF0452-538A-4BDC-9350-65FE392B7E36}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: http://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296 -> Delete on reboot. [ab8c618ff7b1a5919e638a0d8a77748c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES| (Hijack.AutoConfigURL.PrxySvrRST) -> Data: 0http://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296 -> Delete on reboot. [e552698706a281b5e417593d35cc60a0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\FAMILIA\AppData\Local\qbynw\ct.exe" /svc -> Delete on reboot. [181f98586e3ae05671b96f3c25dc50b0]
HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: http://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296 -> Delete on reboot. [cc6b4aa6acfcf64015bf870fd829c739]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 43
C:\Program Files (x86)\BeCleaner (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA (Adware.Tuto4PC.Generic) -> Delete on reboot. [d364aa46beeab680564b9730f40ca55b]
C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D (Adware.Tuto4PC.Generic) -> Delete on reboot. [23149060d0d8d85e5c45fbcc4ab6916f]
C:\Users\FAMILIA\AppData\Roaming\41174157 (Rogue.Agent.D.Generic) -> Delete on reboot. [4ee997590a9ec3731b29efbcc53b22de]
C:\Users\FAMILIA\AppData\Roaming\42444254 (Rogue.Agent.D.Generic) -> Delete on reboot. [fb3cd9174a5e5fd7e95b8d1e0ef29070]
C:\Users\FAMILIA\AppData\Roaming\72446390 (Rogue.Agent.D.Generic) -> Delete on reboot. [8ea96d837830f145d56fe1cac63abe42]
C:\Program Files (x86)\PubHotspot (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$R5T6CSO.BingTravel_8wekyb3d8bbwe (Trojan.Siredef.C) -> Delete on reboot. [74c36e82d3d595a175ec05fc9f610ff1]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetCache (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetCookies (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetHistory (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\PRICache (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\Temp (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\LocalState (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\RoamingState (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\SystemAppData (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\TempState (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetCache (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetCookies (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetHistory (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\PRICache (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\Temp (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\LocalState (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\RoamingState (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\SystemAppData (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\TempState (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RW0LKYQ.BingSports_8wekyb3d8bbwe (Trojan.Siredef.C) -> Delete on reboot. [191edf116b3d96a0d091ed14c23e7b85]
C:\Program Files\2OW8AN7UUP (Adware.Tuto4PC.Generic) -> Delete on reboot. [3502b838acfcbd7928a55f13c33d59a7]
C:\Program Files\B597BYZZOP (Adware.Tuto4PC.Generic) -> Delete on reboot. [03349d53b2f6e056329b3c36718f57a9]
C:\Program Files\DC4C92RTDJ (Adware.Tuto4PC.Generic) -> Delete on reboot. [a39487699e0a25110fbeb0c238c8d32d]
C:\Program Files\FHVK2OY55M (Adware.Tuto4PC.Generic) -> Delete on reboot. [2b0ce0102d7b1f17b01d9dd5738da957]
C:\Program Files\L71NC6RBQ1 (Adware.Tuto4PC.Generic) -> Delete on reboot. [c374e8086d3b5adc03cae78b03fd6b95]
C:\Program Files\SDDBQOQFLX (Adware.Tuto4PC.Generic) -> Delete on reboot. [181f4ea2169260d616b7b0c26a96966a]
C:\Program Files\WEROD3OGOT (Adware.Tuto4PC.Generic) -> Delete on reboot. [84b300f01197171fba132c467d83619f]
C:\Program Files\X9WVI0VFG5 (Adware.Tuto4PC.Generic) -> Delete on reboot. [dc5bbc3436728aaccb0221518c74ef11]
C:\Program Files\YNJQ1GGS1A (Adware.Tuto4PC.Generic) -> Delete on reboot. [112600f0654337ff5875e78b847ce818]
C:\Program Files\ZXQGIAWI74 (Adware.Tuto4PC.Generic) -> Delete on reboot. [16210de3a503f6401bb2caa8e02019e7]

Files Detected: 62
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. []
C:\Program Files (x86)\BeCleaner\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\BestCleaner.exe.conf (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\config.conf (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\DO9VU.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\IIEAJJZ1IGB99Q1.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\unins000.dat (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Program Files (x86)\BeCleaner\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ea4d618f9e0a05312d37f0d0df211ce4]
C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [d364aa46beeab680564b9730f40ca55b]
C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [d364aa46beeab680564b9730f40ca55b]
C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [23149060d0d8d85e5c45fbcc4ab6916f]
C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [23149060d0d8d85e5c45fbcc4ab6916f]
C:\Users\FAMILIA\AppData\Roaming\41174157\427469.exe.config (Rogue.Agent.D.Generic) -> Delete on reboot. [4ee997590a9ec3731b29efbcc53b22de]
C:\Users\FAMILIA\AppData\Roaming\42444254\549383.exe.config (Rogue.Agent.D.Generic) -> Delete on reboot. [fb3cd9174a5e5fd7e95b8d1e0ef29070]
C:\Users\FAMILIA\AppData\Roaming\72446390\464554.exe.config (Rogue.Agent.D.Generic) -> Delete on reboot. [8ea96d837830f145d56fe1cac63abe42]
C:\Program Files (x86)\PubHotspot\cast.config (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\Program Files (x86)\PubHotspot\config.conf (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\Program Files (x86)\PubHotspot\JIDG6.exe.config (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\Program Files (x86)\PubHotspot\QVV25FAKACFOUM7.exe.config (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\Program Files (x86)\PubHotspot\unins000.dat (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\Program Files (x86)\PubHotspot\uninstaller.exe.config (Adware.Tuto4PC) -> Delete on reboot. [14231ad6198ff14579314fe57091cf31]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$R5T6CSO.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk (Trojan.Siredef.C) -> Delete on reboot. [74c36e82d3d595a175ec05fc9f610ff1]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\roaming.lock (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat.LOG1 (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat.LOG2 (Trojan.Siredef.C) -> Delete on reboot. [cc6b2ac6a3059f97421f6f928e7246ba]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\roaming.lock (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat.LOG1 (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat.LOG2 (Trojan.Siredef.C) -> Delete on reboot. [84b30de3396f4de9134e22df0000d030]
C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RW0LKYQ.BingSports_8wekyb3d8bbwe\AppexSports.lnk (Trojan.Siredef.C) -> Delete on reboot. [191edf116b3d96a0d091ed14c23e7b85]
C:\Program Files\2OW8AN7UUP\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [3502b838acfcbd7928a55f13c33d59a7]
C:\Program Files\2OW8AN7UUP\2OW8AN7UU.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [3502b838acfcbd7928a55f13c33d59a7]
C:\Program Files\2OW8AN7UUP\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [3502b838acfcbd7928a55f13c33d59a7]
C:\Program Files\B597BYZZOP\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [03349d53b2f6e056329b3c36718f57a9]
C:\Program Files\B597BYZZOP\B597BYZZO.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [03349d53b2f6e056329b3c36718f57a9]
C:\Program Files\B597BYZZOP\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [03349d53b2f6e056329b3c36718f57a9]
C:\Program Files\DC4C92RTDJ\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a39487699e0a25110fbeb0c238c8d32d]
C:\Program Files\DC4C92RTDJ\DC4C92RTD.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a39487699e0a25110fbeb0c238c8d32d]
C:\Program Files\DC4C92RTDJ\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a39487699e0a25110fbeb0c238c8d32d]
C:\Program Files\FHVK2OY55M\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2b0ce0102d7b1f17b01d9dd5738da957]
C:\Program Files\FHVK2OY55M\9VCSUSOO0.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2b0ce0102d7b1f17b01d9dd5738da957]
C:\Program Files\FHVK2OY55M\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2b0ce0102d7b1f17b01d9dd5738da957]
C:\Program Files\L71NC6RBQ1\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c374e8086d3b5adc03cae78b03fd6b95]
C:\Program Files\L71NC6RBQ1\L71NC6RBQ.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c374e8086d3b5adc03cae78b03fd6b95]
C:\Program Files\L71NC6RBQ1\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c374e8086d3b5adc03cae78b03fd6b95]
C:\Program Files\SDDBQOQFLX\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [181f4ea2169260d616b7b0c26a96966a]
C:\Program Files\SDDBQOQFLX\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [181f4ea2169260d616b7b0c26a96966a]
C:\Program Files\SDDBQOQFLX\ZG1YQRMZF.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [181f4ea2169260d616b7b0c26a96966a]
C:\Program Files\WEROD3OGOT\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [84b300f01197171fba132c467d83619f]
C:\Program Files\WEROD3OGOT\NA9BL9MLB.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [84b300f01197171fba132c467d83619f]
C:\Program Files\WEROD3OGOT\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [84b300f01197171fba132c467d83619f]
C:\Program Files\X9WVI0VFG5\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [dc5bbc3436728aaccb0221518c74ef11]
C:\Program Files\X9WVI0VFG5\7EMNXPBW3.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [dc5bbc3436728aaccb0221518c74ef11]
C:\Program Files\X9WVI0VFG5\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [dc5bbc3436728aaccb0221518c74ef11]
C:\Program Files\YNJQ1GGS1A\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [112600f0654337ff5875e78b847ce818]
C:\Program Files\YNJQ1GGS1A\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [112600f0654337ff5875e78b847ce818]
C:\Program Files\YNJQ1GGS1A\YNJQ1GGS1.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [112600f0654337ff5875e78b847ce818]
C:\Program Files\ZXQGIAWI74\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [16210de3a503f6401bb2caa8e02019e7]
C:\Program Files\ZXQGIAWI74\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [16210de3a503f6401bb2caa8e02019e7]
C:\Program Files\ZXQGIAWI74\ZXQGIAWI7.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [16210de3a503f6401bb2caa8e02019e7]
C:\Windows\System32\Drivers\etc\hosts (Hijack.HostFile) -> Bad: (0.0.0.1    mssplus.mcafee.com127.0.0.1 clients2.google.com ) Good: () -> Replace on reboot. [3106c62a4d5bd36368fe78b159a7f010]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Here is the system log ...

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17607

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.817000 GHz
Memory total: 17142800384, free: 12598005760

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17607

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.817000 GHz
Memory total: 17142800384, free: 12627841024

Downloaded database version: v2017.04.12.07
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17607

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.817000 GHz
Memory total: 17142800384, free: 14402945024

Downloaded database version: v2017.04.12.07
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     04/12/2017 17:17:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\ndistpr64.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\system32\drivers\NDIS.SYS
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\Tpkd.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avguniva.sys
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\xhcdrv.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\ViaHub3.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AMDACPKSL.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUsb.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.04.12.07
  rootkit: v2017.04.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800fc9c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800fc9cb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800fc9c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800da2ab20, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa800da2d060, DeviceName: \Device\0000002f\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7272BC8D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 3906308096
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\xpssvcs.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\xpssvcs.dll" is compressed (flags = 1)
Infected: C:\Program Files (x86)\BeCleaner\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\BestCleaner.exe.conf --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\config.conf --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\DO9VU.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\IIEAJJZ1IGB99Q1.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\unins000.dat --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\BeCleaner\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA\GoodWay.exe.config.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\60IFEZT5NA\HaveFun.exe.config.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D\GoodWay.exe.config.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\FAMILIA\AppData\Local\Temp\IJ23BQMX8D\HaveFun.exe.config.config --> [Adware.Tuto4PC.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{73DF0452-538A-4BDC-9350-65FE392B7E36}|AutoConfigUrl --> [Hijack.AutoConfigURL.PrxySvrRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES| --> [Hijack.AutoConfigURL.PrxySvrRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE --> [Trojan.Clicker]
Infected: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl --> [Hijack.AutoConfigURL.PrxySvrRST]
Infected: C:\Users\FAMILIA\AppData\Roaming\41174157 --> [Rogue.Agent.D.Generic]
Infected: C:\Users\FAMILIA\AppData\Roaming\41174157\427469.exe.config --> [Rogue.Agent.D.Generic]
Infected: C:\Users\FAMILIA\AppData\Roaming\42444254 --> [Rogue.Agent.D.Generic]
Infected: C:\Users\FAMILIA\AppData\Roaming\42444254\549383.exe.config --> [Rogue.Agent.D.Generic]
Infected: C:\Users\FAMILIA\AppData\Roaming\72446390 --> [Rogue.Agent.D.Generic]
Infected: C:\Users\FAMILIA\AppData\Roaming\72446390\464554.exe.config --> [Rogue.Agent.D.Generic]
Infected: C:\Program Files (x86)\PubHotspot --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\cast.config --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\config.conf --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\JIDG6.exe.config --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\QVV25FAKACFOUM7.exe.config --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\unins000.dat --> [Adware.Tuto4PC]
Infected: C:\Program Files (x86)\PubHotspot\uninstaller.exe.config --> [Adware.Tuto4PC]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$R5T6CSO.BingTravel_8wekyb3d8bbwe --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$R5T6CSO.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetCache --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetCookies --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\INetHistory --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\PRICache --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\AC\Temp --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\LocalState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\RoamingState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\roaming.lock --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat.LOG1 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\Settings\settings.dat.LOG2 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\SystemAppData --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RCRKL7D.BingSports_8wekyb3d8bbwe\TempState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetCache --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetCookies --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\INetHistory --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\PRICache --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\AC\Temp --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\LocalState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\RoamingState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\roaming.lock --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat.LOG1 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\Settings\settings.dat.LOG2 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\SystemAppData --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RK3BV75.BingTravel_8wekyb3d8bbwe\TempState --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RW0LKYQ.BingSports_8wekyb3d8bbwe --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2816680137-3866285611-3782432408-1001\$RW0LKYQ.BingSports_8wekyb3d8bbwe\AppexSports.lnk --> [Trojan.Siredef.C]
Infected: C:\Program Files\2OW8AN7UUP\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\2OW8AN7UUP --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\2OW8AN7UUP\2OW8AN7UU.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\2OW8AN7UUP\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\B597BYZZOP\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\B597BYZZOP --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\B597BYZZOP\B597BYZZO.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\B597BYZZOP\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\DC4C92RTDJ\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\DC4C92RTDJ --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\DC4C92RTDJ\DC4C92RTD.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\DC4C92RTDJ\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\FHVK2OY55M\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\FHVK2OY55M --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\FHVK2OY55M\9VCSUSOO0.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\FHVK2OY55M\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\L71NC6RBQ1\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\L71NC6RBQ1 --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\L71NC6RBQ1\L71NC6RBQ.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\L71NC6RBQ1\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\SDDBQOQFLX\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\SDDBQOQFLX --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\SDDBQOQFLX\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\SDDBQOQFLX\ZG1YQRMZF.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\WEROD3OGOT\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\WEROD3OGOT --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\WEROD3OGOT\NA9BL9MLB.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\WEROD3OGOT\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\X9WVI0VFG5\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\X9WVI0VFG5 --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\X9WVI0VFG5\7EMNXPBW3.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\X9WVI0VFG5\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\YNJQ1GGS1A\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\YNJQ1GGS1A --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\YNJQ1GGS1A\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\YNJQ1GGS1A\YNJQ1GGS1.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\ZXQGIAWI74\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\ZXQGIAWI74 --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\ZXQGIAWI74\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\ZXQGIAWI74\ZXQGIAWI7.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Windows\System32\Drivers\etc\hosts --> [Hijack.HostFile]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action reg.exe...
Failed!
Executing an action cmd.exe...
Failed!
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Executing an action fixdamage.exe...
Failed!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


As far as I'm concerned, it seems everything is running back to normal; however, I did have one random virus pop up in my AVG but quickly removed it.

 

Should I re-run the anti-rootkit one more time and Windows Defender? Also, thank you for your immeasurable act of kindness in helping me.



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:44 PM

Posted 12 April 2017 - 06:50 PM

Let's try other tools.

Download the attached file and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

iO5EZayK.png

  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found; above it, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

adwcleaner_delete_restart.jpg

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
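The Malwarebytes log in the reply above ends with a long run of reg.exe actions reporting "Failed!" that were then queued for the reboot, and the entries it flagged include two proxy auto-config (PAC) hijacks (AutoConfigUrl under the user's Internet Settings and under iphlpsvc\Parameters\ProxyMgr), a hosts-file hijack, a rogue user-mode service (WINDOWSMANAGEMENTSERVICE) and a driver service (drmkpro64). After the FRST, JRT and AdwCleaner steps in this reply and the reboot they request, the natural next check is whether those persistence points are actually gone on the live system. The PowerShell below is an added example, not from the thread and not part of Malwarebytes, FRST, JRT or AdwCleaner. The registry paths and hosts-file location are the standard Windows ones; treating %SystemRoot% and the two Program Files trees as the only expected places for a service or driver image is an assumption for a home PC, so its hits are for review, not automatic deletion.

```powershell
# Added example: not from the thread and not part of Malwarebytes, FRST, JRT or
# AdwCleaner. Re-checks, on the live system, the persistence points the
# Malwarebytes log flagged: proxy auto-config (PAC) hijacks, the hosts file, and
# services/drivers whose image sits outside the usual system directories.
# Run from an elevated PowerShell prompt AFTER the reboot the tools ask for.
# Registry paths and the hosts location are standard Windows; treating
# %SystemRoot% and the two Program Files trees as the only expected service
# directories is an assumption for a home PC, so review hits rather than delete.

$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. PAC URLs. The log flagged AutoConfigUrl under the user's Internet Settings
#    and under iphlpsvc\Parameters\ProxyMgr\{GUID}; a PAC URL silently routes
#    every browser request through a proxy of the attacker's choosing.
$pacKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\*'
)
foreach ($key in $pacKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.AutoConfigUrl } |
        ForEach-Object {
            $where = $_.PSPath -replace '^.*::', ''
            $findings.Add("PAC URL at ${where}: $($_.AutoConfigUrl)")
        }
}

# The NlaSvc ManualProxies hit in the log was the key's default value.
$manualKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
$manual = Get-ItemProperty -Path $manualKey -ErrorAction SilentlyContinue
if ($manual -and $manual.'(default)') {
    $findings.Add("NlaSvc ManualProxies default value: $($manual.'(default)')")
}

# 2. hosts file: every active line that is not a plain loopback mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s' } |
    ForEach-Object { $findings.Add("hosts entry: $($_.Trim())") }

# 3. Services and kernel drivers whose image is outside the expected roots.
#    WINDOWSMANAGEMENTSERVICE (a user-mode service) and drmkpro64 (a driver)
#    from the log are the kind of entry this surfaces.
$knownRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }
$entries = @(Get-CimInstance -ClassName Win32_Service) +
           @(Get-CimInstance -ClassName Win32_SystemDriver)
foreach ($svc in $entries) {
    $path = $svc.PathName
    if (-not $path) { continue }
    if ($path -match '^"([^"]+)"')            { $image = $Matches[1] }  # quoted path
    elseif ($path -match '^(.+?\.(exe|sys))') { $image = $Matches[1] }  # unquoted, stop at extension
    else                                      { $image = ($path -split '\s+')[0] }
    # Normalise the NT-style prefixes drivers use to a plain Win32 path.
    $image = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($image -notmatch '^[A-Za-z]:\\') { $image = Join-Path $env:SystemRoot $image }
    $trusted = $false
    foreach ($root in $knownRoots) {
        if ($image.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $trusted = $true }
    }
    if (-not $trusted) {
        $findings.Add("$($svc.CreationClassName) '$($svc.Name)' ($($svc.State)) loads $image")
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'No PAC URL, hosts-file or out-of-place service findings.'
}
```

Save it as a .ps1 and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File <path>`, logged in as the account that was infected, because the HKCU AutoConfigUrl check only sees the current user's hive. Vendor software that legitimately installs a service under C:\ProgramData or its own directory will also be listed; the point of the third check is to give you a short list to look at, not a verdict.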


#12 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:44 PM

Posted 13 April 2017 - 07:19 AM

I couldn't find the FRST log to combine.

 

Here are the adware notes ...

 

# AdwCleaner v6.045 - Logfile created 12/04/2017 at 22:01:47
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-12.1 [Local]
# Operating System : Windows 8 Pro  (X64)
# Username : FAMILIA - FAM
# Running from : C:\Users\FAMILIA\Desktop\adwcleaner_6.045.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: vToolbarUpdater19.5.0
[-] Service deleted: Update service
[-] Service deleted: geekbuddyrsp
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Avg_Update_0116tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0317tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0615tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0715tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0814tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0915tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1015tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1114tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1214tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1215tb
[-] Folder deleted: C:\ProgramData\BitSaver
[-] Folder deleted: C:\ProgramData\c72fbe720ac00245
[-] Folder deleted: C:\ProgramData\TheBlocker
[-] Folder deleted: C:\Users\FAMILIA\.proxycheck
[-] Folder deleted: C:\Users\FAMILIA\.AnonymizerLauncher
[-] Folder deleted: C:\Users\FAMILIA\AppData\Local\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\FAMILIA\AppData\Local\torch
[-] Folder deleted: C:\Users\FAMILIA\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\FAMILIA\AppData\Local\WeatherBuddy
[-] Folder deleted: C:\Users\FAMILIA\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\FAMILIA\AppData\LocalLow\comcasttb
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\System Healer
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\Itibiti
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\HDWallPaper
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\Screenshot Pro
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\GlobalWeather
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
[-] Folder deleted: C:\Users\UpdatusUser\AppData\Local\torch
[-] Folder deleted: C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\Guest\AppData\Local\Hola
[-] Folder deleted: C:\Users\Guest\AppData\Local\torch
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\comcasttb
[-] Folder deleted: C:\Users\Guest\AppData\LocalLow\xfin_portal
[-] Folder deleted: C:\Users\Guest\Downloads\Hola
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Hola
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\IDMSQ
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG SafeGuard toolbar
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\QuickSet
[-] Folder deleted: C:\ProgramData\SNT
[-] Folder deleted: C:\ProgramData\SoftWarehouse
[-] Folder deleted: C:\ProgramData\RegisterObject
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG SafeGuard toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\QuickSet
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SNT
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SoftWarehouse
[#] Folder deleted on reboot: C:\ProgramData\Application Data\RegisterObject
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spoutly
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder deleted: C:\Program Files (x86)\AVG Security Toolbar
[-] Folder deleted: C:\Program Files (x86)\SystemHealer
[-] Folder deleted: C:\Program Files (x86)\S5
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\HDWallPaper
[-] Folder deleted: C:\Program Files (x86)\ScreenshotPro
[-] Folder deleted: C:\Program Files (x86)\Spoutly
[-] Folder deleted: C:\Program Files (x86)\SpeeDownloader
[-] Folder deleted: C:\Program Files (x86)\GlobalWeather
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\SearchProtect
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Screenshot Pro
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\GlobalWeather
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\browsers
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\AGData
[-] Folder deleted: C:\Users\FAMILIA\AppData\Roaming\SPI
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\aps.uninstall.scan.results
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk
[-] File deleted: C:\Users\FAMILIA\Desktop\Protection.exe
[-] File deleted: C:\Users\Guest\Downloads\ReimageRepair.exe
[-] File deleted: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hola.lnk
[-] File deleted: C:\END
[#] File deleted: C:\Users\FAMILIA\AppData\Roaming\Browsers\firefox.bat.exe
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\InstallationConfiguration.xml
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\invalidprefs.js
[-] File deleted: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\y1748gzz.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ads.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ads.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b3.playsushi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b3.playsushi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b4.playsushi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b4.playsushi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.adbabylon.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.adbabylon.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_frets-on-fire.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_frets-on-fire.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_iad-usadmm.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_iad-usadmm.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_login.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_login.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.sweetim.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.sweetim.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.gboxapp.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.gboxapp.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sjc-usadmm.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sjc-usadmm.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_store.wizeandope.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_store.wizeandope.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_usadmm.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_usadmm.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_usweb.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_usweb.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vcm-match.dotomi.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vcm-match.dotomi.com_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.outfox.tv_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.outfox.tv_0.localstorage-journal
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.smartsuggestor.com_0.localstorage
[-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.smartsuggestor.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\FAMILIA\Desktop\Chrome App Launcher.lnk
[-] Shortcut disinfected: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[-] Shortcut disinfected: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
[-] Shortcut disinfected: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ad Block Plus.lnk
[-] Shortcut disinfected: C:\Users\FAMILIA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlock App (by STANDS).lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome App Launcher.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: Gntypluhsp
[-] Task deleted: SystemHealer Monitor
[-] Task deleted: HDWallPaper
[-] Task deleted: Microsoft\Windows\Media Center\RegisterObject
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
[-] Key deleted: HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Hola
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Optimizer Pro
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\usyndication.com
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\WeatherAlerts
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\AppDataLow\Software\xfin_portal
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerEnhance
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AnyProtect
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Tutorials
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\ELLS LLC
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\AppDataLow\Software\xfin_portal
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\mysearchdial
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\RightSurf
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1003\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1003\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AnyProtect
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Tutorials
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\ELLS LLC
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\xfin_portal
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key deleted: HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\GS.Enabler
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\Taronja
[-] Key deleted: HKLM\SOFTWARE\Tutorials
[-] Key deleted: HKLM\SOFTWARE\msServer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\mysearchdial
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\RightSurf
[#] Key deleted on reboot: [x64] HKCU\Software\AnyProtect
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Tutorials
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\ELLS LLC
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\xfin_portal
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[#] Data restored on reboot: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data restored on reboot: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data restored on reboot: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Internet Explorer\SearchScopes\{FD73C837-68EC-42A5-AFE5-E955DDCBA91F}
[-] Key deleted: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Value deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Run [hola]
[-] Value deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
[-] Value deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Run [IDMSQ]
[-] Value deleted: HKU\AvGeneric_S-1-5-21-2816680137-3866285611-3782432408-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [IDMSQ]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "avg.install.userHPSettings" -  "hxxp://n.clickforms.ru/c/1a30e417c259f275?"
[-] Firefox preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" -  "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com"
[-] Firefox preferences cleaned: "browser.search.defaultenginename" -  "AVG Secure Search"
[-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "AVG Secure Search"
[-] Firefox preferences cleaned: "browser.startup.homepage" -  "hxxp://n.clickforms.ru/c/1a30e417c259f275?"
[-] Firefox preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" -  "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com"
[-] Firefox preferences cleaned: "browser.search.defaultenginename" -  "AVG Secure Search"
[-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "AVG Secure Search"
[-] [C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: us.yhs4.search.yahoo.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.gboxapp.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo
[-] [C:\Users\FAMILIA\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com
[-] [C:\Users\FAMILIA\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\FAMILIA\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [34149 Bytes] - [12/04/2017 22:01:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [34556 Bytes] - [12/04/2017 21:33:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [34627 Bytes] - [12/04/2017 21:48:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [34371 Bytes] ##########
 
 
Here is JRT ...
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8 Pro x64 
Ran by FAMILIA (Administrator) on Wed 04/12/2017 at 22:37:06.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\comodo\geekbuddy (Folder) 
Successfully deleted: C:\Users\FAMILIA\AppData\Roaming\dll-files.com (Folder) 
Successfully deleted: C:\Users\FAMILIA\AppData\Roaming\Mozilla\Firefox\Profiles\f6ykpirk.default-1399066483812\user.js (File) 
Successfully deleted: C:\Users\FAMILIA\Documents\optimizer pro (Folder) 
Successfully deleted: C:\Users\Public\Desktop\dll-files fixer.lnk (Shortcut) 
Successfully deleted: C:\Windows\system32\Tasks\DLL-Files.Com Fixer_MONTHLY (Task)
Successfully deleted: C:\Windows\system32\Tasks\DLL-Files.Com Fixer_Updates (Task)
Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Program Files\comodo\geekbuddy (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/12/2017 at 23:13:29.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:44 PM

Posted 13 April 2017 - 09:46 AM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as fixlist.txt
  • Change the Save as Type to All Files
  • Save it in the same location FRST64 is saved.
  • Once saved, open FRST64 and click on the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
  • Please copy and paste its contents in your next reply.
     
     

    HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\FAMILIA\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [349704 2017-04-12] (Jetico ltd) <===== ATTENTION
    GroupPolicy: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-2816680137-3866285611-3782432408-1003] ATTENTION => Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2816680137-3866285611-3782432408-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\9289641.js [2017-04-10] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\9289641.cfg [2017-04-10] <==== ATTENTION
    S2 windowsmanagementservice; "C:\Users\FAMILIA\AppData\Local\qbynw\ct.exe" /svc [X] <==== ATTENTION
    R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
    Task: {0EDDB7BA-D742-4ECB-A56A-7D7D1BE431C9} - System32\Tasks\REGUtilities Task => C:\Program Files (x86)\REGUtilities\REGUtilities.exe [2015-08-28] (Tuneup System Software Pvt Ltd.) <==== ATTENTION
    Task: {407A688F-9163-47B5-96B9-B8335ECDAE8E} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe  <==== ATTENTION
    Task: {91053F60-6086-474A-A0F9-47A6C74900CF} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe  <==== ATTENTION
    Task: {E6CD0C75-EF28-4701-817D-EB8109D67D62} - System32\Tasks\Microsoft\Windows\Media Center\RegisterObject => C:\\ProgramData\\RegisterObject\\RegisterObject.exe  <==== ATTENTION
    Task: C:\Windows\Tasks\REGUtilities Task.job => C:\Program Files (x86)\REGUtilities\REGUtilities.exe -t  C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION
    AppInit_DLLs-x32: c:\progra~2\gsb779~1.ena => No File
    Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-2816680137-3866285611-3782432408-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
    2017-04-12 14:24 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
    2015-10-01 17:46 - 2015-10-01 17:46 - 0000512 _____ () C:\Users\FAMILIA\AppData\Local\Temp\29f61e985d2eed196af9583a15a5c5a4.dll
    2016-01-16 18:35 - 2014-10-28 07:49 - 0060296 _____ (Autodesk, Inc.) C:\Users\FAMILIA\AppData\Local\Temp\AcDeltree.exe
    2015-10-10 10:22 - 2015-10-10 10:25 - 272865000 _____ (AMD Inc.) C:\Users\FAMILIA\AppData\Local\Temp\amd-catalyst-14.4-64bit-win8.1-win8-win7-whql-aug.exe
    2017-04-10 23:50 - 2017-04-10 23:50 - 0931704 _____ () C:\Users\FAMILIA\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1701.exe
    2015-11-01 21:53 - 2015-11-01 21:53 - 2892128 _____ (AVG Technologies) C:\Users\FAMILIA\AppData\Local\Temp\avg-b985741e-d195-451c-aa14-033652564079.exe
    2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081308836129.exe
    2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081620800069.exe
    2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08462937382.exe
    2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08490299885.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 0144008 _____ (c 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BingSvc.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 1118360 _____ (c 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcProcessor.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 0170128 _____ (c 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcUpdater.exe
    2017-04-10 23:50 - 2017-04-10 23:50 - 7469104 _____ (Gold Click Ltd                                              ) C:\Users\FAMILIA\AppData\Local\Temp\offer17pg.exe
    2016-03-10 17:17 - 2016-03-10 17:18 - 59759200 _____ () C:\Users\FAMILIA\AppData\Local\Temp\playstv_patch.exe
    2015-10-10 11:15 - 2015-10-10 11:16 - 61015144 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptrpatch.exe
    2015-10-10 11:15 - 2015-10-10 11:15 - 0221632 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptr_stub.exe
    2016-05-14 14:02 - 2016-05-14 14:02 - 45196928 _____ (Skype Technologies S.A.) C:\Users\FAMILIA\AppData\Local\Temp\SkypeSetup.exe
    2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_0811913779.exe
    2016-05-13 23:15 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_081528866724.exe
    2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08204699520.exe
    2016-06-23 21:24 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08245833092.exe
    2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08588954256.exe
    2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08626550083.exe
    2015-09-10 23:04 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.183107.exe
    2015-09-09 12:01 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.exe
    2015-11-05 18:24 - 2015-11-05 18:24 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.317.exe
    2015-11-26 17:50 - 2015-11-26 17:50 - 23309952 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
    2015-12-08 07:05 - 2015-12-08 07:05 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.764.exe
    2015-12-16 23:21 - 2015-12-16 23:21 - 23321216 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.890.exe
    2015-12-18 17:06 - 2015-12-18 17:07 - 23318656 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.994.exe
    2016-01-17 11:42 - 2016-01-17 11:43 - 23334528 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.11.399.exe
    2015-05-11 22:30 - 2015-05-11 22:30 - 15241160 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
    2015-05-12 19:32 - 2015-05-12 19:32 - 15853000 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
    2015-05-18 07:25 - 2015-05-18 07:25 - 14973896 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
    2015-05-21 17:41 - 2015-05-21 17:41 - 15966152 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
    2015-05-31 16:08 - 2015-05-31 16:08 - 16669640 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.103.exe
    2015-06-01 19:04 - 2015-06-01 19:04 - 16664008 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.124.exe
    2015-06-02 09:44 - 2015-06-02 09:44 - 16668104 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.131.exe
    2015-06-02 14:43 - 2015-06-02 14:43 - 16728520 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.143.exe
    2015-06-03 19:09 - 2015-06-03 19:10 - 17199560 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.164.exe
    2015-06-04 18:37 - 2015-06-04 18:37 - 17184712 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.179.exe
    2015-06-05 06:07 - 2015-06-05 06:07 - 17193416 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.183.exe
    2015-06-05 19:12 - 2015-06-05 19:12 - 17173960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.188.exe
    2015-06-07 09:44 - 2015-06-07 09:44 - 17187784 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.196.exe
    2015-06-07 12:23 - 2015-06-07 12:23 - 17198024 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.201.exe
    2015-06-08 08:21 - 2015-06-08 08:21 - 17192904 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
    2015-06-12 06:20 - 2015-06-12 06:20 - 17197512 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.277.exe
    2015-05-27 12:55 - 2015-05-27 19:07 - 16645576 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.28.exe
    2015-06-13 18:42 - 2015-06-13 18:42 - 17179080 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.308.exe
    2015-06-15 08:44 - 2015-06-15 08:44 - 17191880 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
    2015-06-22 08:58 - 2015-06-22 08:58 - 17365960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
    2015-07-13 14:34 - 2015-07-13 14:35 - 15962568 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.595.exe
    2015-07-14 09:50 - 2015-07-14 09:50 - 15969736 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.649.exe
    2015-05-26 19:21 - 2015-05-26 19:21 - 16666056 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.7.exe
    2015-05-30 05:58 - 2015-05-30 05:58 - 16677320 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.77.exe
    2015-08-05 14:13 - 2015-08-05 15:00 - 15984256 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.10.exe
    2015-08-11 09:45 - 2015-08-11 09:45 - 15985792 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.105.exe
    2015-09-06 12:40 - 2015-09-06 12:40 - 23263360 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.510.exe
    2015-09-10 22:58 - 2015-09-10 22:58 - 23264384 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.567.exe
    2015-09-15 07:02 - 2015-09-15 07:02 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.624.exe
    2015-10-31 18:21 - 2015-10-31 18:21 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.789.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.697289.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.831813.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.exe
    2014-04-17 03:18 - 2014-04-17 03:18 - 0921512 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    2014-10-19 07:54 - 2014-10-19 07:54 - 0937896 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    2014-03-10 18:20 - 2014-02-27 17:52 - 0120912 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\lowproc.exe
    2014-03-10 18:20 - 2014-02-27 17:52 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\stubhelper.dll
    2014-06-21 14:00 - 2014-06-21 14:00 - 0139672 _____ (Eclipse Foundation) C:\Users\Guest\AppData\Local\Temp\swt-win32-3349.dll
    AlternateDataStreams: C:\Users\FAMILIA\AppData\Local\Temp:DEK6KtvPUxiJSxhrsqHK8qjSjI [2386]
    AutoConfigURL: [S-1-5-21-2816680137-3866285611-3782432408-1001] => hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296
    AutoConfigURL: [S-1-5-21-2816680137-3866285611-3782432408-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296
    Hosts:
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    Tcpip\..\Interfaces\{99C24E0A-80D8-4C82-8F2D-C520CBD88149}: [DhcpNameServer] 192.168.15.1
    ManualProxies: 0hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296
    R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
    C:\Windows\System32\drivers\ndistpr64.sys
    2014-01-08 21:07 - 2014-01-08 21:07 - 2759168 _____ () C:\Program Files (x86)\GS_x64.Enabler
    2014-04-27 22:07 - 2014-06-02 10:23 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-04-26 20:43 - 2014-04-26 20:44 - 0000318 _____ () C:\Users\FAMILIA\AppData\Roaming\aps.uninstall.scan.results
    2017-04-10 23:49 - 2017-04-10 23:50 - 0011568 _____ () C:\Users\FAMILIA\AppData\Roaming\InstallationConfiguration.xml
    2017-04-10 23:49 - 2017-04-10 23:49 - 0140288 _____ () C:\Users\FAMILIA\AppData\Roaming\Installer.dat
    2014-01-26 13:33 - 2014-03-31 00:33 - 0000127 _____ () C:\Users\FAMILIA\AppData\Roaming\WB.CFG
    2014-02-01 17:30 - 2014-02-03 20:56 - 0002763 _____ () C:\ProgramData\connector.swf
    C:\Users\FAMILIA\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
    2015-10-01 17:46 - 2015-10-01 17:46 - 0000512 _____ () C:\Users\FAMILIA\AppData\Local\Temp\29f61e985d2eed196af9583a15a5c5a4.dll
    2016-01-16 18:35 - 2014-10-28 07:49 - 0060296 _____ (Autodesk, Inc.) C:\Users\FAMILIA\AppData\Local\Temp\AcDeltree.exe
    2015-10-10 10:22 - 2015-10-10 10:25 - 272865000 _____ (AMD Inc.) C:\Users\FAMILIA\AppData\Local\Temp\amd-catalyst-14.4-64bit-win8.1-win8-win7-whql-aug.exe
    2017-04-10 23:50 - 2017-04-10 23:50 - 0931704 _____ () C:\Users\FAMILIA\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1701.exe
    2015-11-01 21:53 - 2015-11-01 21:53 - 2892128 _____ (AVG Technologies) C:\Users\FAMILIA\AppData\Local\Temp\avg-b985741e-d195-451c-aa14-033652564079.exe
    2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081308836129.exe
    2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_081620800069.exe
    2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08462937382.exe
    2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\FAMILIA\AppData\Local\Temp\avguirn_08490299885.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BingSvc.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcProcessor.exe
    2016-01-15 17:31 - 2016-01-15 17:31 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\FAMILIA\AppData\Local\Temp\BSvcUpdater.exe
    2017-04-10 23:50 - 2017-04-10 23:50 - 7469104 _____ (Gold Click Ltd                                              ) C:\Users\FAMILIA\AppData\Local\Temp\offer17pg.exe
    2016-03-10 17:17 - 2016-03-10 17:18 - 59759200 _____ () C:\Users\FAMILIA\AppData\Local\Temp\playstv_patch.exe
    2015-10-10 11:15 - 2015-10-10 11:16 - 61015144 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptrpatch.exe
    2015-10-10 11:15 - 2015-10-10 11:15 - 0221632 _____ () C:\Users\FAMILIA\AppData\Local\Temp\raptr_stub.exe
    2016-05-14 14:02 - 2016-05-14 14:02 - 45196928 _____ (Skype Technologies S.A.) C:\Users\FAMILIA\AppData\Local\Temp\SkypeSetup.exe
    2015-11-18 16:17 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_0811913779.exe
    2016-05-13 23:15 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_081528866724.exe
    2016-05-31 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08204699520.exe
    2016-06-23 21:24 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08245833092.exe
    2016-01-05 18:48 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08588954256.exe
    2016-01-16 04:36 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Guest\AppData\Local\Temp\avguirn_08626550083.exe
    2015-09-10 23:04 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.183107.exe
    2015-09-09 12:01 - 2015-08-19 06:40 - 40326904 _____ () C:\Users\Guest\AppData\Local\Temp\Firefox-Setup-38.0.5.exe
    2015-11-05 18:24 - 2015-11-05 18:24 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.317.exe
    2015-11-26 17:50 - 2015-11-26 17:50 - 23309952 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
    2015-12-08 07:05 - 2015-12-08 07:05 - 23306368 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.764.exe
    2015-12-16 23:21 - 2015-12-16 23:21 - 23321216 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.890.exe
    2015-12-18 17:06 - 2015-12-18 17:07 - 23318656 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.994.exe
    2016-01-17 11:42 - 2016-01-17 11:43 - 23334528 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.11.399.exe
    2015-05-11 22:30 - 2015-05-11 22:30 - 15241160 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
    2015-05-12 19:32 - 2015-05-12 19:32 - 15853000 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
    2015-05-18 07:25 - 2015-05-18 07:25 - 14973896 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
    2015-05-21 17:41 - 2015-05-21 17:41 - 15966152 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
    2015-05-31 16:08 - 2015-05-31 16:08 - 16669640 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.103.exe
    2015-06-01 19:04 - 2015-06-01 19:04 - 16664008 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.124.exe
    2015-06-02 09:44 - 2015-06-02 09:44 - 16668104 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.131.exe
    2015-06-02 14:43 - 2015-06-02 14:43 - 16728520 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.143.exe
    2015-06-03 19:09 - 2015-06-03 19:10 - 17199560 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.164.exe
    2015-06-04 18:37 - 2015-06-04 18:37 - 17184712 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.179.exe
    2015-06-05 06:07 - 2015-06-05 06:07 - 17193416 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.183.exe
    2015-06-05 19:12 - 2015-06-05 19:12 - 17173960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.188.exe
    2015-06-07 09:44 - 2015-06-07 09:44 - 17187784 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.196.exe
    2015-06-07 12:23 - 2015-06-07 12:23 - 17198024 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.201.exe
    2015-06-08 08:21 - 2015-06-08 08:21 - 17192904 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
    2015-06-12 06:20 - 2015-06-12 06:20 - 17197512 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.277.exe
    2015-05-27 12:55 - 2015-05-27 19:07 - 16645576 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.28.exe
    2015-06-13 18:42 - 2015-06-13 18:42 - 17179080 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.308.exe
    2015-06-15 08:44 - 2015-06-15 08:44 - 17191880 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
    2015-06-22 08:58 - 2015-06-22 08:58 - 17365960 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
    2015-07-13 14:34 - 2015-07-13 14:35 - 15962568 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.595.exe
    2015-07-14 09:50 - 2015-07-14 09:50 - 15969736 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.649.exe
    2015-05-26 19:21 - 2015-05-26 19:21 - 16666056 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.7.exe
    2015-05-30 05:58 - 2015-05-30 05:58 - 16677320 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.77.exe
    2015-08-05 14:13 - 2015-08-05 15:00 - 15984256 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.10.exe
    2015-08-11 09:45 - 2015-08-11 09:45 - 15985792 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.105.exe
    2015-09-06 12:40 - 2015-09-06 12:40 - 23263360 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.510.exe
    2015-09-10 22:58 - 2015-09-10 22:58 - 23264384 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.567.exe
    2015-09-15 07:02 - 2015-09-15 07:02 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.624.exe
    2015-10-31 18:21 - 2015-10-31 18:21 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.789.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.697289.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.831813.exe
    2015-10-25 11:05 - 2015-09-30 08:31 - 23262848 _____ (Hola Networks Ltd.) C:\Users\Guest\AppData\Local\Temp\Hola-Setup-x64-1.9.789.exe
    2014-04-17 03:18 - 2014-04-17 03:18 - 0921512 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    2014-10-19 07:54 - 2014-10-19 07:54 - 0937896 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    2014-03-10 18:20 - 2014-02-27 17:52 - 0120912 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\lowproc.exe
    2014-03-10 18:20 - 2014-02-27 17:52 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Guest\AppData\Local\Temp\stubhelper.dll
    2014-06-21 14:00 - 2014-06-21 14:00 - 0139672 _____ (Eclipse Foundation) C:\Users\Guest\AppData\Local\Temp\swt-win32-3349.dll
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset C:\resettcpip.txt
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
    CMD: Bitsadmin /Reset /Allusers
    EMPTYTEMP:
    Reboot:


No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
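A small triage script for lines like the ones in the fixlist above, added here as an example (it is not the thread's code and not part of FRST). It parses the file-listing, driver and Internet-settings line shapes visible above and flags a PAC/proxy URL on an external host (the tech-access.biz wpad.dat entries), a driver FRST reports as not signed (ndistpr64.sys), an alternate data stream under a Temp folder, and executables dropped into a user's Temp folder within a week of a reference date. Rule names, severities and the seven-day window are this example's own assumptions; the sample lines are copied from the fixlist (whitespace trimmed) and the reference date is the date of the first post. Note that the fix above also clears every Windows event log (the wevtutil loop), so any triage of the scan output has to be done before the fix is run.

```python
"""Triage a handful of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not code from FRST or from the poster. It
understands only the line shapes visible in the fixlist above. Rule names
and severities are this example's own labels, not FRST terminology.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlparse

# File listing: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Driver/service entry: "R0 name; path [size date] (company) [flags] <==== ATTENTION"
DRIVER_LINE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)(?P<rest>.*)$"
)
URL_IN_LINE = re.compile(r"hxxps?://\S+")      # FRST defangs http as hxxp
PROXY_KEYS = ("AutoConfigURL:", "ManualProxies:")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def _is_local_host(host):
    """Loopback/private hosts: a PAC or proxy there is not by itself a hijack."""
    if host in ("", "localhost"):
        return True
    try:
        ip = ip_address(host)
    except ValueError:
        return False          # a DNS name, so not local by this test
    return ip.is_private or ip.is_loopback


def triage(lines, reference_date, recent_days=7):
    """Return (severity, rule, detail) tuples, in input order, for the lines given."""
    findings = []
    for raw in lines:
        line = raw.strip()

        # Rule 1: PAC/proxy setting that points at an external host.
        if line.startswith(PROXY_KEYS):
            m = URL_IN_LINE.search(line)
            if m:
                url = urlparse(m.group(0).replace("hxxp", "http", 1))
                if not _is_local_host(url.hostname or ""):
                    findings.append(("high", "proxy_hijack", url.hostname))
            continue

        # Rule 2: driver that FRST could not verify a signature for.
        d = DRIVER_LINE.match(line)
        if d:
            if "[File not signed]" in d.group("rest"):
                findings.append(("high", "unsigned_driver", d.group("path")))
            continue

        # Rule 3: alternate data stream attached to something under a Temp folder.
        if line.startswith("AlternateDataStreams:"):
            target = line.split(":", 1)[1].strip()
            if "\\Temp:" in target:
                findings.append(("medium", "ads_in_temp", target))
            continue

        # Rule 4: executable dropped in a user's Temp folder within recent_days
        # before the reference date (anything created after it also counts).
        f = FILE_LINE.match(line)
        if f:
            path = f.group("path")
            if "\\AppData\\Local\\Temp\\" not in path:
                continue
            if not path.lower().endswith(EXECUTABLE_EXT):
                continue
            created = datetime.strptime(f.group("created"), "%Y-%m-%d %H:%M")
            if reference_date - created <= timedelta(days=recent_days):
                severity = "high" if not f.group("company").strip() else "medium"
                findings.append((severity, "recent_temp_executable", path))
    return findings


# Sample input: a constructed subset of lines copied from the fixlist above.
SAMPLE_LINES = [
    r"AlternateDataStreams: C:\Users\FAMILIA\AppData\Local\Temp:DEK6KtvPUxiJSxhrsqHK8qjSjI [2386]",
    "AutoConfigURL: [S-1-5-21-2816680137-3866285611-3782432408-1001] => hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.15.1",
    "ManualProxies: 0hxxp://tech-access.biz/wpad.dat?48c42ab03c1d7a33964e5dfd0baa85e528191296",
    r"R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION",
    r"2017-04-10 23:50 - 2017-04-10 23:50 - 7469104 _____ (Gold Click Ltd      ) C:\Users\FAMILIA\AppData\Local\Temp\offer17pg.exe",
    r"2017-04-10 23:50 - 2017-04-10 23:50 - 0931704 _____ () C:\Users\FAMILIA\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1701.exe",
    r"2016-05-14 14:02 - 2016-05-14 14:02 - 45196928 _____ (Skype Technologies S.A.) C:\Users\FAMILIA\AppData\Local\Temp\SkypeSetup.exe",
]
REFERENCE_DATE = datetime(2017, 4, 11)   # date of the first post in this thread


def triage_sample():
    """Run the rules over SAMPLE_LINES with the thread's own date as reference."""
    return triage(SAMPLE_LINES, REFERENCE_DATE)


if __name__ == "__main__":
    for severity, rule, detail in triage_sample():
        print(f"{severity:<6} {rule:<24} {detail}")
```

Run against the sample, the script reports both proxy entries (same external host, set both as a PAC URL and as a manual proxy), the unsigned boot-start driver, the stream on the Temp directory, and the two installers written at 23:50 the night before the first post; SkypeSetup.exe in the same folder is a year old and stays quiet. A PAC URL on a loopback or RFC 1918 address is deliberately not flagged, since that is how some legitimate local proxies and filters are configured.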


#14 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 13 April 2017 - 10:46 AM

It's scanning right now, hold on a moment.



#15 tt23

tt23
  • Topic Starter

  • Members
  • 16 posts

Posted 13 April 2017 - 12:30 PM

It's still scanning after like 2 hours, should I restart?